from this and ãx â Cã have x â positive-part C unfolding positive-part-def by auto ...... from ãC = resolvent-
Propositional Resolution and Prime Implicates Generation Nicolas Peltier Laboratory of Informatics of Grenoble/CNRS University Grenoble Alps October 11, 2017 Abstract We provide formal proofs in Isabelle-HOL (using mostly structured Isar proofs) of the soundness and completeness of the Resolution rule in propositional logic. The completeness proofs take into account the usual redundancy elimination rules (namely tautology elimination and subsumption), and several refinements of the Resolution rule are considered: ordered resolution (with selection functions), positive and negative resolution, semantic resolution and unit resolution (the latter refinement is complete only for clause sets that are Horn-renamable). We also define a concrete procedure for computing saturated sets and establish its soundness and completeness. The clause sets are not assumed to be finite, so that the results can be applied to formulas obtained by grounding sets of first-order clauses (however, a total ordering among atoms is assumed to be given). Next, we show that the unrestricted Resolution rule is deductivecomplete, in the sense that it is able to generate all (prime) implicates of any set of propositional clauses (i.e., all entailment-minimal, nonvalid, clausal consequences of the considered set). The generation of prime implicates is an important problem, with many applications in artificial intelligence and verification (for abductive reasoning, knowledge compilation, diagnosis, debugging etc.). We also show that implicates can be computed in an incremental way, by fixing an ordering among all the atoms and resolving upon these atoms one by one in the considered order (with no backtracking). This feature is critical for the efficient computation of prime implicates. Building on these results, we provide a procedure for computing such implicates and establish its soundness and completeness.
Contents 1 Syntax of Propositional Clausal Logic
2
2 Semantics
4 1
3 Inference Rules 3.1 Unrestricted Resolution . . . . . . 3.2 Ordered Resolution . . . . . . . . . 3.3 Ordered Resolution with Selection 3.4 Semantic Resolution . . . . . . . . 3.5 Unit Resolution . . . . . . . . . . . 3.6 Positive and Negative Resolution .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
6 7 7 8 9 10 11
4 Redundancy Elimination Rules
13
5 Renaming
18
6 Soundness
25
7 Refutational Completeness 7.1 Ordered Resolution . . . . . . . . . . . . . . . 7.2 Ordered Resolution with Selection . . . . . . 7.3 Semantic Resolution . . . . . . . . . . . . . . 7.4 Positive and Negative Resolution . . . . . . . 7.5 Unit Resolution and Horn Renamable Clauses
. . . . .
. . . . .
. . . . .
8 Computation of Saturated Clause Sets
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
27 28 36 43 46 46 48
9 Prime Implicates Generation 56 9.1 Implicates and Prime Implicates . . . . . . . . . . . . . . . . 57 9.2 Generation of Prime Implicates . . . . . . . . . . . . . . . . . 57 9.3 Incremental Prime Implicates Computation . . . . . . . . . . 62
1
Syntax of Propositional Clausal Logic
We define the usual syntactic notions of clausal propositional logic. The set of atoms may be arbitrary (even uncountable), but a well-founded total order is assumed to be given. theory Propositional-Resolution imports Main HOL.Finite-Set begin locale propositional-atoms = fixes atom-ordering :: ( 0at × 0at) set assumes atom-ordering-wf :(wf atom-ordering) and atom-ordering-total :(∀ x y. (x 6= y −→ ((x ,y) ∈ atom-ordering ∨ (y,x ) ∈ atom-ordering)))
2
and atom-ordering-trans: ∀ x y z . (x ,y) ∈ atom-ordering −→ (y,z ) ∈ atom-ordering −→ (x ,z ) ∈ atom-ordering and atom-ordering-irrefl : ∀ x y. (x ,y) ∈ atom-ordering −→ (y,x ) ∈ / atom-ordering begin
Literals are defined as usual and clauses and formulas are considered as sets. Clause sets are not assumed to be finite (so that the results can be applied to sets of clauses obtained by grounding first-order clauses). datatype 0a Literal = Pos 0a | Neg 0a definition atoms = { x :: 0at. True } fun atom :: 0a Literal ⇒ 0a where (atom (Pos A)) = A | (atom (Neg A)) = A fun complement :: 0a Literal ⇒ 0a Literal where (complement (Pos A)) = (Neg A) | (complement (Neg A)) = (Pos A) lemma atom-property : A = (atom L) =⇒ (L = (Pos A) ∨ L = (Neg A)) by (metis atom.elims) fun positive :: 0at Literal ⇒ bool where (positive (Pos A)) = True | (positive (Neg A)) = False fun negative :: 0at Literal ⇒ bool where (negative (Pos A)) = False | (negative (Neg A)) = True type-synonym 0a Clause = 0a Literal set type-synonym 0a Formula = 0a Clause set
Note that the clauses are not assumed to be finite (some of the properties below hold for infinite clauses). The following functions return the set of atoms occurring in a clause or formula. fun atoms-clause :: 0at Clause ⇒ 0at set where atoms-clause C = { A. ∃ L. L ∈ C ∧ A = atom(L) } fun atoms-formula :: 0at Formula ⇒ 0at set where atoms-formula S = { A. ∃ C . C ∈ S ∧ A ∈ atoms-clause(C ) }
3
lemma atoms-formula-subset: S1 ⊆ S2 =⇒ atoms-formula S1 ⊆ atoms-formula S2 by auto lemma atoms-formula-union: atoms-formula (S1 ∪ S2 ) = atoms-formula S1 ∪ atoms-formula S2 by auto
The following predicate is useful to state that every clause in a set fulfills some property. definition all-fulfill :: ( 0at Clause ⇒ bool ) ⇒ 0at Formula ⇒ bool where all-fulfill P S = (∀ C . (C ∈ S −→ (P C )))
The order on atoms induces a (non total) order among literals: fun literal-ordering :: 0at Literal ⇒ 0at Literal ⇒ bool where (literal-ordering L1 L2 ) = ((atom L1 ,atom L2 ) ∈ atom-ordering) lemma literal-ordering-trans : assumes literal-ordering A B assumes literal-ordering B C shows literal-ordering A C using assms(1 ) assms(2 ) atom-ordering-trans literal-ordering.simps by blast definition strictly-maximal-literal :: 0at Clause ⇒ 0at Literal ⇒ bool where (strictly-maximal-literal S A) ≡ (A ∈ S ) ∧ (∀ B . ( B ∈ S ∧ A 6= B ) −→ (literal-ordering B A))
2
Semantics
We define the notions of interpretation, satisfiability and entailment and establish some basic properties. type-synonym 0a Interpretation = 0a set fun validate-literal :: 0at Interpretation ⇒ 0at Literal ⇒ bool (infix |= 65 ) where (validate-literal I (Pos A)) = (A ∈ I ) | (validate-literal I (Neg A)) = (A ∈ / I) fun validate-clause :: 0at Interpretation ⇒ 0at Clause ⇒ bool (infix |= 65 ) where (validate-clause I C ) = (∃ L. (L ∈ C ) ∧ (validate-literal I L)) fun validate-formula :: 0at Interpretation ⇒ 0at Formula ⇒ bool (infix |= 65 ) where
4
(validate-formula I S ) = (∀ C . (C ∈ S −→ (validate-clause I C ))) definition satisfiable :: 0at Formula ⇒ bool where (satisfiable S ) ≡ (∃ I . (validate-formula I S ))
We define the usual notions of entailment between clauses and formulas. definition entails :: 0at Formula ⇒ 0at Clause ⇒ bool where (entails S C ) ≡ (∀ I . (validate-formula I S ) −→ (validate-clause I C )) lemma entails-member : assumes C ∈ S shows entails S C using assms unfolding entails-def by simp definition entails-formula :: 0at Formula ⇒ 0at Formula ⇒ bool where (entails-formula S1 S2 ) = (∀ C ∈ S2 . (entails S1 C )) definition equivalent :: 0at Formula ⇒ 0at Formula ⇒ bool where (equivalent S1 S2 ) = (entails-formula S1 S2 ∧ entails-formula S2 S1 ) lemma equivalent-symmetric: equivalent S1 S2 =⇒ equivalent S2 S1 by (simp add : equivalent-def ) lemma entailment-implies-validity: assumes entails-formula S1 S2 assumes validate-formula I S1 shows validate-formula I S2 using assms entails-def entails-formula-def by auto lemma validity-implies-entailment: assumes ∀ I . validate-formula I S1 −→ validate-formula I S2 shows entails-formula S1 S2 by (meson assms entails-def entails-formula-def validate-formula.elims(2 )) lemma entails-transitive: assumes entails-formula S1 S2 assumes entails-formula S2 S3 shows entails-formula S1 S3 by (meson assms entailment-implies-validity validity-implies-entailment) lemma equivalent-transitive: assumes equivalent S1 S2 assumes equivalent S2 S3 shows equivalent S1 S3 using assms entails-transitive equivalent-def by auto lemma entailment-subset :
5
assumes S2 ⊆ S1 shows entails-formula S1 S2 proof − have ∀ L La. L ∈ / La ∨ entails La L by (meson entails-member ) thus ?thesis by (meson assms entails-formula-def set-rev-mp) qed lemma entailed-formula-entails-implicates: assumes entails-formula S1 S2 assumes entails S2 C shows entails S1 C using assms entailment-implies-validity entails-def by blast
3
Inference Rules
We first define an abstract notion of a binary inference rule. type-synonym 0a BinaryRule = 0a Clause ⇒ 0a Clause ⇒ 0a Clause ⇒ bool definition less-restrictive :: 0at BinaryRule ⇒ 0at BinaryRule ⇒ bool where (less-restrictive R1 R2 ) = (∀ P1 P2 C . (R2 P1 P2 C ) −→ ((R1 P1 P2 C ) ∨ (R1 P2 P1 C )))
The following functions allow to generate all the clauses that are deducible from a given clause set (in one step). fun all-deducible-clauses:: 0at BinaryRule ⇒ 0at Formula ⇒ 0at Formula where all-deducible-clauses R S = { C . ∃ P1 P2 . P1 ∈ S ∧ P2 ∈ S ∧ (R P1 P2 C ) } fun add-all-deducible-clauses:: 0at BinaryRule ⇒ 0at Formula ⇒ 0at Formula where add-all-deducible-clauses R S = (S ∪ all-deducible-clauses R S ) definition derived-clauses-are-finite :: 0at BinaryRule ⇒ bool where derived-clauses-are-finite R = (∀ P1 P2 C . (finite P1 −→ finite P2 −→ (R P1 P2 C ) −→ finite C )) lemma less-restrictive-and-finite : assumes less-restrictive R1 R2 assumes derived-clauses-are-finite R1 shows derived-clauses-are-finite R2 by (metis assms derived-clauses-are-finite-def less-restrictive-def )
We then define the unrestricted resolution rule and usual resolution refinements.
6
3.1
Unrestricted Resolution
definition resolvent :: 0at BinaryRule where (resolvent P1 P2 C ) ≡ (∃ A. ((Pos A) ∈ P1 ∧ (Neg A) ∈ P2 ∧ (C = ( (P1 − { Pos A}) ∪ ( P2 − { Neg A })))))
For technical convience, we now introduce a slightly extended definition in which resolution upon a literal not occurring in the premises is allowed (the obtained resolvent is then redundant with the premises). If the atom is fixed then this version of the resolution rule can be turned into a total function. fun resolvent-upon :: 0at Clause ⇒ 0at Clause ⇒ 0at ⇒ 0at Clause where (resolvent-upon P1 P2 A) = ( (P1 − { Pos A}) ∪ ( P2 − { Neg A })) lemma resolvent-upon-is-resolvent : assumes Pos A ∈ P1 assumes Neg A ∈ P2 shows resolvent P1 P2 (resolvent-upon P1 P2 A) using assms unfolding resolvent-def by auto lemma resolvent-is-resolvent-upon : assumes resolvent P1 P2 C shows ∃ A. C = resolvent-upon P1 P2 A using assms unfolding resolvent-def by auto lemma resolvent-is-finite : shows derived-clauses-are-finite resolvent proof (rule ccontr ) assume ¬derived-clauses-are-finite resolvent then have ∃ P1 P2 C . ¬(resolvent P1 P2 C −→ finite P1 −→ finite P2 −→ finite C ) unfolding derived-clauses-are-finite-def by blast then obtain P1 P2 C where resolvent P1 P2 C finite P1 finite P2 and ¬finite C by blast from hresolvent P1 P2 C i hfinite P1 i hfinite P2 i and h¬finite C i show False unfolding resolvent-def using finite-Diff and finite-Union by auto qed
In the next subsections we introduce various resolution refinements and show that they are more restrictive than unrestricted resolution.
3.2
Ordered Resolution
In the first refinement, resolution is only allowed on maximal literals. definition ordered-resolvent :: 0at Clause ⇒ 0at Clause ⇒ 0at Clause ⇒ bool
7
where (ordered-resolvent P1 P2 C ) ≡ (∃ A. ((C = ( (P1 − { Pos A}) ∪ ( P2 − { Neg A }))) ∧ (strictly-maximal-literal P1 (Pos A)) ∧ (strictly-maximal-literal P2 (Neg A))))
We now show that the maximal literal of the resolvent is always smaller than those of the premises. lemma resolution-and-max-literal : assumes R = resolvent-upon P1 P2 A assumes strictly-maximal-literal P1 (Pos A) assumes strictly-maximal-literal P2 (Neg A) assumes strictly-maximal-literal R M shows (atom M , A) ∈ atom-ordering proof − obtain MA where M = (Pos MA) ∨ M = (Neg MA) using Literal .exhaust [of M ] by auto hence MA = (atom M ) by auto from hstrictly-maximal-literal R M i and hR = resolvent-upon P1 P2 Ai have M ∈ P1 − { Pos A } ∨ M ∈ P2 − { Neg A } unfolding strictly-maximal-literal-def by auto hence (MA,A) ∈ atom-ordering proof assume M ∈ P1 − { Pos A } from hM ∈ P1 − { Pos A }i and hstrictly-maximal-literal P1 (Pos A)i have literal-ordering M (Pos A) unfolding strictly-maximal-literal-def by auto from hM = Pos MA ∨ M = Neg MAi and hliteral-ordering M (Pos A)i show (MA,A) ∈ atom-ordering by auto next assume M ∈ P2 − { Neg A } from hM ∈ P2 − { Neg A }i and hstrictly-maximal-literal P2 (Neg A)i have literal-ordering M (Neg A) by (auto simp only: strictly-maximal-literal-def ) from hM = Pos MA ∨ M = Neg MAi and hliteral-ordering M (Neg A)i show (MA,A) ∈ atom-ordering by auto qed from this and hMA = atom M i show ?thesis by auto qed
3.3
Ordered Resolution with Selection
In the next restriction strategy, some negative literals are selected with highest priority for applying the resolution rule, regardless of the ordering. Relaxed ordering restrictions also apply. definition (selected-part Sel C ) = { L. L ∈ C ∧ (∃ A ∈ Sel . L = (Neg A)) } definition ordered-sel-resolvent :: 0at set ⇒ 0at Clause ⇒ 0at Clause ⇒ 0at Clause ⇒ bool
8
where (ordered-sel-resolvent Sel P1 P2 C ) ≡ (∃ A. ((C = ( (P1 − { Pos A}) ∪ ( P2 − { Neg A }))) ∧ (strictly-maximal-literal P1 (Pos A)) ∧ ((selected-part Sel P1 ) = {}) ∧ ( ((strictly-maximal-literal P2 (Neg A)) ∧ (selected-part Sel P2 ) = {}) ∨ (strictly-maximal-literal (selected-part Sel P2 ) (Neg A))))) lemma ordered-resolvent-is-resolvent : less-restrictive resolvent ordered-resolvent using less-restrictive-def ordered-resolvent-def resolvent-upon-is-resolvent strictly-maximal-literal-def by auto
The next lemma states that ordered resolution with selection coincides with ordered resolution if the selected part is empty. lemma ordered-sel-resolvent-is-ordered-resolvent : assumes ordered-resolvent P1 P2 C assumes selected-part Sel P1 = {} assumes selected-part Sel P2 = {} shows ordered-sel-resolvent Sel P1 P2 C using assms ordered-resolvent-def ordered-sel-resolvent-def by auto lemma ordered-resolvent-upon-is-resolvent : assumes strictly-maximal-literal P1 (Pos A) assumes strictly-maximal-literal P2 (Neg A) shows ordered-resolvent P1 P2 (resolvent-upon P1 P2 A) using assms ordered-resolvent-def by auto
3.4
Semantic Resolution
In this strategy, resolution is applied only if one parent is false in some (fixed) interpretation. Note that ordering restrictions still apply, although they are relaxed. definition validated-part :: 0at set ⇒ 0at Clause ⇒ 0at Clause where (validated-part I C ) = { L. L ∈ C ∧ (validate-literal I L) } definition ordered-model-resolvent :: 0 at Interpretation ⇒ 0at Clause ⇒ 0at Clause ⇒ 0at Clause ⇒ bool where (ordered-model-resolvent I P1 P2 C ) = (∃ L. (C = (P1 − { L } ∪ (P2 − { complement L }))) ∧ ((validated-part I P1 ) = {} ∧ (strictly-maximal-literal P1 L)) ∧ (strictly-maximal-literal (validated-part I P2 ) (complement L))) lemma ordered-model-resolvent-is-resolvent : less-restrictive resolvent (ordered-model-resolvent I) proof (rule ccontr ) assume ¬ less-restrictive resolvent (ordered-model-resolvent I ) then obtain P1 P2 C where ordered-model-resolvent I P1 P2 C and ¬resolvent P1 P2 C
9
and ¬resolvent P2 P1 C unfolding less-restrictive-def by auto from hordered-model-resolvent I P1 P2 C i obtain L where strictly-maximal-literal P1 L and strictly-maximal-literal (validated-part I P2 ) (complement L) and C = (P1 − { L }) ∪ (P2 − { complement L }) using ordered-model-resolvent-def [of I P1 P2 C ] by auto from hstrictly-maximal-literal P1 Li have L ∈ P1 by (simp only: strictly-maximal-literal-def ) from hstrictly-maximal-literal (validated-part I P2 ) (complement L)i have (complement L) ∈ P2 by (auto simp only: strictly-maximal-literal-def validated-part-def ) obtain A where L = Pos A ∨ L = Neg A using Literal .exhaust [of L] by auto from this and hC = (P1 − { L }) ∪ (P2 − { complement L })i and hL ∈ P1 i and h(complement L) ∈ P2 i have resolvent P1 P2 C ∨ resolvent P2 P1 C unfolding resolvent-def by auto from this and h¬resolvent P2 P1 C i and h¬resolvent P1 P2 C i show False by auto qed
3.5
Unit Resolution
Resolution is applied only if one parent is unit (this restriction is incomplete). definition Unit :: 0at Clause ⇒ bool where (Unit C ) = ((card C ) = 1 ) definition unit-resolvent :: 0at BinaryRule where (unit-resolvent P1 P2 C ) = ((∃ L. (C = ( (P1 − { L}) ∪ ( P2 − { complement L }))) ∧ L ∈ P1 ∧ (complement L) ∈ P2 ) ∧ Unit P1 ) lemma unit-resolvent-is-resolvent : less-restrictive resolvent unit-resolvent proof (rule ccontr ) assume ¬ less-restrictive resolvent unit-resolvent then obtain P1 P2 C where unit-resolvent P1 P2 C and ¬resolvent P1 P2 C and ¬resolvent P2 P1 C unfolding less-restrictive-def by auto from hunit-resolvent P1 P2 C i obtain L where L ∈ P1 and complement L ∈ P2 and C = (P1 − { L }) ∪ (P2 − { complement L }) using unit-resolvent-def [of P1 P2 C ] by auto obtain A where L = Pos A ∨ L = Neg A using Literal .exhaust [of L] by auto from this and hC = (P1 − { L }) ∪ (P2 − { complement L })i and hL ∈ P1 i and hcomplement L ∈ P2 i have resolvent P1 P2 C ∨ resolvent P2 P1 C unfolding resolvent-def by auto from this and h¬resolvent P2 P1 C i and h¬resolvent P1 P2 C i show False by auto qed
10
3.6
Positive and Negative Resolution
Resolution is applied only if one parent is positive (resp. negative). Again, relaxed ordering restrictions apply. definition positive-part :: 0at Clause ⇒ 0at Clause where (positive-part C ) = { L. (∃ A. L = Pos A) ∧ L ∈ C } definition negative-part :: 0at Clause ⇒ 0at Clause where (negative-part C ) = { L. (∃ A. L = Neg A) ∧ L ∈ C } lemma decomposition-clause-pos-neg : C = (negative-part C ) ∪ (positive-part C ) proof show C ⊆ (negative-part C ) ∪ (positive-part C ) proof fix x assume x ∈ C obtain A where x = Pos A ∨ x = Neg A using Literal .exhaust [of x ] by auto show x ∈ (negative-part C ) ∪ (positive-part C ) proof cases assume x = Pos A from this and hx ∈ C i have x ∈ positive-part C unfolding positive-part-def by auto then show x ∈ (negative-part C ) ∪ (positive-part C ) by auto next assume x 6= Pos A from this and hx = Pos A ∨ x = Neg Aihave x = Neg A by auto from this and hx ∈ C i have x ∈ negative-part C unfolding negative-part-def by auto then show x ∈ (negative-part C ) ∪ (positive-part C ) by auto qed qed next show (negative-part C ) ∪ (positive-part C ) ⊆ C unfolding negative-part-def and positive-part-def by auto qed definition ordered-positive-resolvent :: 0at Clause ⇒ 0at Clause ⇒ 0at Clause ⇒ bool where (ordered-positive-resolvent P1 P2 C ) = (∃ L. (C = (P1 − { L } ∪ (P2 − { complement L }))) ∧ ((negative-part P1 ) = {} ∧ (strictly-maximal-literal P1 L)) ∧ (strictly-maximal-literal (negative-part P2 ) (complement L))) definition ordered-negative-resolvent :: 0at Clause ⇒ 0at Clause ⇒ 0at Clause ⇒ bool where
11
(ordered-negative-resolvent P1 P2 C ) = (∃ L. (C = (P1 − { L } ∪ (P2 − { complement L }))) ∧ ((positive-part P1 ) = {} ∧ (strictly-maximal-literal P1 L)) ∧ (strictly-maximal-literal (positive-part P2 ) (complement L))) lemma positive-resolvent-is-resolvent : less-restrictive resolvent ordered-positive-resolvent proof (rule ccontr ) assume ¬ less-restrictive resolvent ordered-positive-resolvent then obtain P1 P2 C where ordered-positive-resolvent P1 P2 C and ¬resolvent P1 P2 C and ¬resolvent P2 P1 C unfolding less-restrictive-def by auto from hordered-positive-resolvent P1 P2 C i obtain L where strictly-maximal-literal P1 L and strictly-maximal-literal (negative-part P2 )(complement L) and C = (P1 − { L }) ∪ (P2 − { complement L }) using ordered-positive-resolvent-def [of P1 P2 C ] by auto from hstrictly-maximal-literal P1 Li have L ∈ P1 unfolding strictly-maximal-literal-def by auto from hstrictly-maximal-literal (negative-part P2 ) (complement L)i have (complement L) ∈ P2 unfolding strictly-maximal-literal-def negative-part-def by auto obtain A where L = Pos A ∨ L = Neg A using Literal .exhaust [of L] by auto from this and hC = (P1 − { L }) ∪ (P2 − { complement L })i and hL ∈ P1 i and h(complement L) ∈ P2 i have resolvent P1 P2 C ∨ resolvent P2 P1 C unfolding resolvent-def by auto from this and h¬(resolvent P2 P1 C )i and h¬(resolvent P1 P2 C )i show False by auto qed lemma negative-resolvent-is-resolvent : less-restrictive resolvent ordered-negative-resolvent proof (rule ccontr ) assume ¬ less-restrictive resolvent ordered-negative-resolvent then obtain P1 P2 C where (ordered-negative-resolvent P1 P2 C ) and ¬(resolvent P1 P2 C ) and ¬(resolvent P2 P1 C ) unfolding less-restrictive-def by auto from hordered-negative-resolvent P1 P2 C i obtain L where strictly-maximal-literal P1 L and strictly-maximal-literal (positive-part P2 )(complement L) and C = (P1 − { L }) ∪ (P2 − { complement L }) using ordered-negative-resolvent-def [of P1 P2 C ] by auto from hstrictly-maximal-literal P1 Li have L ∈ P1 unfolding strictly-maximal-literal-def by auto from hstrictly-maximal-literal (positive-part P2 ) (complement L)i have (complement L) ∈ P2 unfolding strictly-maximal-literal-def positive-part-def by auto obtain A where L = Pos A ∨ L = Neg A using Literal .exhaust [of L] by auto from this and hC = (P1 − { L }) ∪ (P2 − { complement L })i and hL ∈ P1 i and h(complement L) ∈ P2 i have resolvent P1 P2 C ∨ resolvent P2 P1 C unfolding resolvent-def by auto
12
from this and h¬resolvent P2 P1 C i and h¬resolvent P1 P2 C i show False by auto qed
4
Redundancy Elimination Rules
We define the usual redundancy elimination rules. definition tautology :: 0a Clause ⇒ bool where (tautology C ) ≡ (∃ A. (Pos A ∈ C ∧ Neg A ∈ C )) definition subsumes :: 0a Clause ⇒ 0a Clause ⇒ bool where (subsumes C D) ≡ (C ⊆ D) definition redundant :: 0a Clause ⇒ 0a Formula ⇒ bool where redundant C S = ((tautology C ) ∨ (∃ D. (D ∈ S ∧ subsumes D C ))) definition strictly-redundant :: 0a Clause ⇒ 0a Formula ⇒ bool where strictly-redundant C S = ((tautology C ) ∨ (∃ D. (D ∈ S ∧ (D ⊂ C )))) definition simplify :: 0at Formula ⇒ 0at Formula where simplify S = { C . C ∈ S ∧ ¬strictly-redundant C S }
We first establish some basic syntactic properties. lemma tautology-monotonous : (tautology C ) =⇒ (C ⊆ D) =⇒ (tautology D) unfolding tautology-def by auto lemma simplify-involutive: shows simplify (simplify S ) = (simplify S ) proof − show ?thesis unfolding simplify-def strictly-redundant-def by auto qed lemma simplify-finite: assumes all-fulfill finite S shows all-fulfill finite (simplify S ) using assms all-fulfill-def simplify-def by auto lemma atoms-formula-simplify: shows atoms-formula (simplify S ) ⊆ atoms-formula S unfolding simplify-def using atoms-formula-subset by auto lemma subsumption-preserves-redundancy : assumes redundant C S
13
assumes subsumes C D shows redundant D S using assms tautology-monotonous unfolding redundant-def subsumes-def by blast lemma subsumption-and-max-literal : assumes subsumes C1 C2 assumes strictly-maximal-literal C1 L1 assumes strictly-maximal-literal C2 L2 assumes A1 = atom L1 assumes A2 = atom L2 shows (A1 = A2 ) ∨ (A1 ,A2 ) ∈ atom-ordering proof − from hA1 = atom L1 i have L1 = (Pos A1 ) ∨ L1 = (Neg A1 ) by (rule atom-property) from hA2 = atom L2 i have L2 = (Pos A2 ) ∨ L2 = (Neg A2 ) by (rule atom-property) from hsubsumes C1 C2 i and hstrictly-maximal-literal C1 L1 i have L1 ∈ C2 unfolding strictly-maximal-literal-def subsumes-def by auto from hstrictly-maximal-literal C2 L2 i and hL1 ∈ C2 i have L1 = L2 ∨ literal-ordering L1 L2 unfolding strictly-maximal-literal-def by auto thus ?thesis proof assume L1 = L2 from hL1 = L2 i and hA1 = atom L1 i and hA2 = atom L2 i show ?thesis by auto next assume literal-ordering L1 L2 from hliteral-ordering L1 L2 i and hL1 = (Pos A1 ) ∨ L1 = (Neg A1 )i and hL2 = (Pos A2 ) ∨ L2 = (Neg A2 )i show ?thesis by auto qed qed lemma superset-preserves-redundancy: assumes redundant C S assumes S ⊆ S 0 shows redundant C S 0 using assms unfolding redundant-def by blast lemma superset-preserves-strict-redundancy: assumes strictly-redundant C S assumes S ⊆ SS shows strictly-redundant C SS using assms unfolding strictly-redundant-def by blast
The following lemmas relate the above notions with that of semantic entailment and thus establish the soundness of redundancy elimination rules. lemma tautologies-are-valid :
14
assumes tautology C shows validate-clause I C by (meson assms tautology-def validate-clause.simps validate-literal .simps(1 ) validate-literal .simps(2 )) lemma subsumption-and-semantics : assumes subsumes C D assumes validate-clause I C shows validate-clause I D using assms unfolding subsumes-def by auto lemma redundancy-and-semantics : assumes redundant C S assumes validate-formula I S shows validate-clause I C by (meson assms redundant-def subsumption-and-semantics tautologies-are-valid validate-formula.elims) lemma redundancy-implies-entailment: assumes redundant C S shows entails S C using assms entails-def redundancy-and-semantics by auto lemma simplify-and-membership : assumes all-fulfill finite S assumes T = simplify S assumes C ∈ S shows redundant C T proof − { fix n have ∀ C . card C ≤ n −→ C ∈ S −→ redundant C T (is ?P n) proof (induction n) show ?P 0 proof ((rule allI ),(rule impI )+) fix C assume card C ≤ 0 and C ∈ S from hcard C ≤ 0 i and hC ∈ S i and hall-fulfill finite S i have C = {} using card-0-eq unfolding all-fulfill-def by auto then have ¬ strictly-redundant C S unfolding strictly-redundant-def tautology-def by auto from this and hC ∈ S i and hT = simplify S i have C ∈ T using simplify-def by auto from this show redundant C T unfolding redundant-def subsumes-def by auto qed next fix n assume ?P n show ?P (Suc n)
15
proof ((rule allI ),(rule impI )+) fix C assume card C ≤ (Suc n) and C ∈ S show redundant C T proof (rule ccontr ) assume ¬redundant C T from this have C ∈ / T unfolding redundant-def subsumes-def by auto from this and hT = simplify S i and hC ∈ S i have strictly-redundant C S unfolding simplify-def strictly-redundant-def by auto from this and h¬redundant C T i obtain D where D ∈ S and D ⊂ C unfolding redundant-def strictly-redundant-def by auto from hD ⊂ C i and hC ∈ S i and hall-fulfill finite S i have card D < card C unfolding all-fulfill-def using psubset-card-mono by auto from this and hcard C ≤ (Suc n)i have card D ≤ n by auto from this and h?P n i and hD ∈ S i have redundant D T by auto show False proof cases assume tautology D from this and hD ⊂ C i have tautology C unfolding tautology-def by auto then have redundant C T unfolding redundant-def by auto from this and h¬redundant C T i show False by auto next assume ¬tautology D from this and hredundant D T i obtain E where E ∈ T and E ⊆ D unfolding redundant-def subsumes-def by auto from this and hD ⊂ C i have E ⊆ C by auto from this and hE ∈ T i and h¬redundant C T i show False unfolding redundant-def and subsumes-def by auto qed qed qed qed } from this and hC ∈ S i show ?thesis by auto qed lemma simplify-preserves-redundancy: assumes all-fulfill finite S assumes redundant C S shows redundant C (simplify S ) by (meson assms redundant-def simplify-and-membership subsumption-preserves-redundancy) lemma simplify-preserves-strict-redundancy: assumes all-fulfill finite S assumes strictly-redundant C S
16
shows strictly-redundant C (simplify S ) proof ((cases tautology C ),(auto simp add : strictly-redundant-def )[1 ]) next assume ¬tautology C from this and assms(2 ) obtain D where D ⊂ C and D ∈ S unfolding strictly-redundant-def by auto from hD ∈ S i have redundant D S unfolding redundant-def subsumes-def by auto from assms(1 ) this have redundant D (simplify S ) using simplify-preserves-redundancy by auto from h¬tautology C i and hD ⊂ C i have ¬tautology D unfolding tautology-def by auto from this and hredundant D (simplify S )i obtain E where E ∈ simplify S and subsumes E D unfolding redundant-def by auto from hsubsumes E D i and hD ⊂ C i have E ⊂ C unfolding subsumes-def by auto from this and hE ∈ simplify S i show strictly-redundant C (simplify S ) unfolding strictly-redundant-def by auto qed lemma simplify-preserves-semantic : assumes T = simplify S assumes all-fulfill finite S shows validate-formula I S ←→ validate-formula I T by (metis (mono-tags, lifting) assms mem-Collect-eq redundancy-and-semantics simplify-and-membership simplify-def validate-formula.simps) lemma simplify-preserves-equivalence : assumes T = simplify S assumes all-fulfill finite S shows equivalent S T using assms equivalent-def simplify-preserves-semantic validity-implies-entailment by auto
After simplification, the formula contains no strictly redundant clause: definition non-redundant :: 0at Formula ⇒ bool where non-redundant S = (∀ C . (C ∈ S −→ ¬strictly-redundant C S )) lemma simplify-non-redundant: shows non-redundant (simplify S ) by (simp add : non-redundant-def simplify-def strictly-redundant-def ) lemma deducible-clause-preserve-redundancy: assumes redundant C S shows redundant C (add-all-deducible-clauses R S ) using assms superset-preserves-redundancy by fastforce
17
5
Renaming
A renaming is a function changing the sign of some literals. We show that this operation preserves most of the previous syntactic and semantic notions. definition rename-literal :: 0at set ⇒ 0at Literal ⇒ 0at Literal where rename-literal A L = (if ((atom L) ∈ A) then (complement L) else L) definition rename-clause :: 0at set ⇒ 0at Clause ⇒ 0at Clause where rename-clause A C = {L. ∃ LL. LL ∈ C ∧ L = (rename-literal A LL)} definition rename-formula :: 0at set ⇒ 0at Formula ⇒ 0at Formula where rename-formula A S = {C . ∃ CC . CC ∈ S ∧ C = (rename-clause A CC )} lemma inverse-renaming : (rename-literal A (rename-literal A L)) = L proof − obtain A where at: L = (Pos A) ∨ L = (Neg A) using Literal .exhaust [of L ] by auto from at show ?thesis unfolding rename-literal-def by auto qed lemma inverse-clause-renaming : (rename-clause A (rename-clause A L)) = L proof − show ?thesis using inverse-renaming unfolding rename-clause-def by auto qed lemma inverse-formula-renaming : rename-formula A (rename-formula A L) = L proof − show ?thesis using inverse-clause-renaming unfolding rename-formula-def by auto qed lemma renaming-preserves-cardinality : card (rename-clause A C ) = card C proof − have im: rename-clause A C = (rename-literal A) ‘ C unfolding rename-clause-def by auto have inj-on (rename-literal A) C by (metis inj-onI inverse-renaming) from this and im show ?thesis using card-image by auto qed lemma renaming-preserves-literal-order : assumes literal-ordering L1 L2 shows literal-ordering (rename-literal A L1 ) (rename-literal A L2 ) proof − obtain A1 where at1 : L1 = (Pos A1 ) ∨ L1 = (Neg A1 ) using Literal .exhaust [of L1 ] by auto obtain A2 where at2 : L2 = (Pos A2 ) ∨ L2 = (Neg A2 ) using Literal .exhaust [of L2 ] by auto from assms and at1 and at2 show ?thesis unfolding rename-literal-def by
18
auto qed lemma inverse-renaming-preserves-literal-order : assumes literal-ordering (rename-literal A L1 ) (rename-literal A L2 ) shows literal-ordering L1 L2 by (metis assms inverse-renaming renaming-preserves-literal-order ) lemma renaming-is-injective: assumes rename-literal A L1 = rename-literal A L2 shows L1 = L2 by (metis (no-types) assms inverse-renaming) lemma renaming-preserves-strictly-maximal-literal : assumes strictly-maximal-literal C L shows strictly-maximal-literal (rename-clause A C ) (rename-literal A L) proof − from assms have (L ∈ C ) and Lismax : (∀ B . (B ∈ C ∧ L 6= B ) −→ (literal-ordering B L)) unfolding strictly-maximal-literal-def by auto from hL ∈ C i have (rename-literal A L) ∈ (rename-clause A C ) unfolding rename-literal-def and rename-clause-def by auto have ∀ B . (B ∈ rename-clause A C −→ rename-literal A L 6= B −→ literal-ordering B (rename-literal A L)) proof (rule)+ fix B assume B ∈ rename-clause A C and rename-literal A L 6= B from hB ∈ rename-clause A C i obtain B 0 where B 0 ∈ C and B = rename-literal A B0 unfolding rename-clause-def by auto from hrename-literal A L 6= B i and hB = rename-literal A B 0i have rename-literal A L 6= rename-literal A B 0 by auto hence L 6= B 0 by auto from this and hB 0 ∈ C i and Lismax have literal-ordering B 0 L by auto from this and hB = (rename-literal A B 0)i show literal-ordering B (rename-literal A L) using renaming-preserves-literal-order by auto qed from this and h(rename-literal A L) ∈ (rename-clause A C )i show ?thesis unfolding strictly-maximal-literal-def by auto qed lemma renaming-and-selected-part : selected-part UNIV C = rename-clause Sel (validated-part Sel (rename-clause Sel C )) proof show selected-part UNIV C ⊆ rename-clause Sel (validated-part Sel (rename-clause Sel C )) proof
19
fix x assume x ∈ selected-part UNIV C show x ∈ rename-clause Sel (validated-part Sel (rename-clause Sel C )) proof − from hx ∈ selected-part UNIV C i obtain A where x = Neg A and x ∈ C unfolding selected-part-def by auto from hx ∈ C i have rename-literal Sel x ∈ rename-clause Sel C unfolding rename-clause-def by blast show x ∈ rename-clause Sel (validated-part Sel (rename-clause Sel C )) proof cases assume A ∈ Sel from this and hx = Neg Ai have rename-literal Sel x = Pos A unfolding rename-literal-def by auto from this and hA ∈ Sel i have validate-literal Sel (rename-literal Sel x ) by auto from this and hrename-literal Sel x ∈ rename-clause Sel C i have rename-literal Sel x ∈ validated-part Sel (rename-clause Sel C ) unfolding validated-part-def by auto thus x ∈ rename-clause Sel (validated-part Sel (rename-clause Sel C )) using inverse-renaming rename-clause-def by auto next assume A ∈ / Sel from this and hx = Neg Ai have rename-literal Sel x = Neg A unfolding rename-literal-def by auto from this and hA ∈ / Sel i have validate-literal Sel (rename-literal Sel x ) by auto from this and hrename-literal Sel x ∈ rename-clause Sel C i have rename-literal Sel x ∈ validated-part Sel (rename-clause Sel C ) unfolding validated-part-def by auto thus x ∈ rename-clause Sel (validated-part Sel (rename-clause Sel C )) using inverse-renaming rename-clause-def by auto qed qed qed next show rename-clause Sel (validated-part Sel (rename-clause Sel C )) ⊆ (selected-part UNIV C ) proof fix x assume x ∈ rename-clause Sel (validated-part Sel (rename-clause Sel C )) from this obtain y where y ∈ validated-part Sel (rename-clause Sel C ) and x = rename-literal Sel y unfolding rename-clause-def validated-part-def by auto from hy ∈ validated-part Sel (rename-clause Sel C )i have y ∈ rename-clause Sel C and validate-literal Sel y unfolding validated-part-def by auto from hy ∈ rename-clause Sel C i obtain z where z ∈ C and y = rename-literal Sel z unfolding rename-clause-def by auto obtain A where zA: z = Pos A ∨ z = Neg A using Literal .exhaust [of z ] by
20
auto show x ∈ selected-part UNIV C proof cases assume A ∈ Sel from this and zA and hy = rename-literal Sel z i have y = complement z using rename-literal-def by auto from this and hA ∈ Sel i and zA and hvalidate-literal Sel y i have y = Pos A and z = Neg A by auto from this and hA ∈ Sel i and hx = rename-literal Sel y i have x = Neg A unfolding rename-literal-def by auto from this and hz ∈ C i and hz = Neg Ai show x ∈ selected-part UNIV C unfolding selected-part-def by auto next assume A ∈ / Sel from this and zA and hy = rename-literal Sel z i have y = z using rename-literal-def by auto from this and hA ∈ / Sel i and zA and hvalidate-literal Sel y i have y = Neg A and z = Neg A by auto from this and hA ∈ / Sel i and hx = rename-literal Sel y i have x = Neg A unfolding rename-literal-def by auto from this and hz ∈ C i and hz = Neg Ai show x ∈ selected-part UNIV C unfolding selected-part-def by auto qed qed qed lemma renaming-preserves-tautology: assumes tautology C shows tautology (rename-clause Sel C ) proof − from assms obtain A where Pos A ∈ C and Neg A ∈ C unfolding tautology-def by auto from hPos A ∈ C i have rename-literal Sel (Pos A) ∈ rename-clause Sel C unfolding rename-clause-def by auto from hNeg A ∈ C i have rename-literal Sel (Neg A) ∈ rename-clause Sel C unfolding rename-clause-def by auto show ?thesis proof cases assume A ∈ Sel from this have rename-literal Sel (Pos A) = Neg A and rename-literal Sel (Neg A) = (Pos A) unfolding rename-literal-def by auto from hrename-literal Sel (Pos A) = (Neg A)i and hrename-literal Sel (Neg A) = (Pos A)i and hrename-literal Sel (Pos A) ∈ (rename-clause Sel C )i and hrename-literal Sel (Neg A) ∈ (rename-clause Sel C )i show tautology (rename-clause Sel C ) unfolding tautology-def by auto
21
next assume A ∈ / Sel from this have rename-literal Sel (Pos A) = Pos A and rename-literal Sel (Neg A) = (Neg A) unfolding rename-literal-def by auto from hrename-literal Sel (Pos A) = Pos Ai and hrename-literal Sel (Neg A) = (Neg A)i and hrename-literal Sel (Pos A) ∈ rename-clause Sel C i and hrename-literal Sel (Neg A) ∈ rename-clause Sel C i show tautology (rename-clause Sel C ) unfolding tautology-def by auto qed qed lemma rename-union : rename-clause Sel (C ∪ D) = rename-clause Sel C ∪ rename-clause Sel D unfolding rename-clause-def by auto lemma renaming-set-minus-subset : rename-clause Sel (C − { L }) ⊆ rename-clause Sel C − {rename-literal Sel L } proof fix x assume x ∈ rename-clause Sel (C − { L }) then obtain y where y ∈ C − { L } and x = rename-literal Sel y unfolding rename-clause-def by auto from hy ∈ C − { L }i and hx = rename-literal Sel y i have x ∈ rename-clause Sel C unfolding rename-clause-def by auto have x 6= rename-literal Sel L proof assume x = rename-literal Sel L hence rename-literal Sel x = L using inverse-renaming by auto from this and hx = rename-literal Sel y i have y = L using inverse-renaming by auto from this and hy ∈ C − { L }i show False by auto qed from hx 6= rename-literal Sel Li and hx ∈ rename-clause Sel C i show x ∈ (rename-clause Sel C ) − {rename-literal Sel L } by auto qed lemma renaming-set-minus : rename-clause Sel (C − { L }) = (rename-clause Sel C ) − {rename-literal Sel L } proof show rename-clause Sel (C − { L }) ⊆ (rename-clause Sel C ) − {rename-literal Sel L } using renaming-set-minus-subset by auto next show (rename-clause Sel C ) − {rename-literal Sel L } ⊆ rename-clause Sel (C − { L }) proof − have rename-clause Sel ( (rename-clause Sel C ) − { (rename-literal Sel L) })
22
⊆ (rename-clause Sel (rename-clause Sel C )) − {rename-literal Sel (rename-literal Sel L) } using renaming-set-minus-subset by auto from this have rename-clause Sel ( (rename-clause Sel C ) − { (rename-literal Sel L) }) ⊆ (C − {L }) using inverse-renaming inverse-clause-renaming by auto from this have rename-clause Sel (rename-clause Sel ( (rename-clause Sel C ) − { (rename-literal Sel L) })) ⊆ (rename-clause Sel (C − {L })) using rename-clause-def by auto from this show (rename-clause Sel C ) − { (rename-literal Sel L) } ⊆ rename-clause Sel (C − {L }) using inverse-renaming inverse-clause-renaming by auto qed qed definition rename-interpretation :: 0at set ⇒ 0at Interpretation ⇒ 0at Interpretation where rename-interpretation Sel I = { A. (A ∈ I ∧ A ∈ / Sel ) } ∪ { A. (A ∈ / I ∧A∈ Sel ) } lemma renaming-preserves-semantic : assumes validate-literal I L shows validate-literal (rename-interpretation Sel I ) (rename-literal Sel L) proof − let ?J = rename-interpretation Sel I obtain A where L = Pos A ∨ L = Neg A using Literal .exhaust [of L] by auto from hL = Pos A ∨ L = Neg Ai have atom L = A by auto show ?thesis proof cases assume A ∈ Sel from this and hatom L = Ai have rename-literal Sel L = complement L unfolding rename-literal-def by auto show ?thesis proof cases assume L = Pos A from this and hvalidate-literal I Li have A ∈ I by auto from this and hA ∈ Sel i have A ∈ / ?J unfolding rename-interpretation-def by blast from this and hL = Pos Ai and hrename-literal Sel L = complement Li show ?thesis by auto next assume L 6= Pos A from this and hL = Pos A ∨ L = Neg Aihave L = Neg A by auto from this and hvalidate-literal I Li have A ∈ / I by auto from this and hA ∈ Sel i have A ∈ ?J unfolding rename-interpretation-def by blast
23
from this and hL = Neg Ai and hrename-literal Sel L = complement Li show ?thesis by auto qed next assume A ∈ / Sel from this and hatom L = Ai have rename-literal Sel L = L unfolding rename-literal-def by auto show ?thesis proof cases assume L = Pos A from this and hvalidate-literal I Li have A ∈ I by auto from this and hA ∈ / Sel i have A ∈ ?J unfolding rename-interpretation-def by blast from this and hL = Pos Ai and hrename-literal Sel L = Li show ?thesis by auto next assume L 6= Pos A from this and hL = Pos A ∨ L = Neg Aihave L = Neg A by auto from this and hvalidate-literal I Li have A ∈ / I by auto from this and hA ∈ / Sel i have A ∈ / ?J unfolding rename-interpretation-def by blast from this and hL = Neg Ai and hrename-literal Sel L = Li show ?thesis by auto qed qed qed lemma renaming-preserves-satisfiability: assumes satisfiable S shows satisfiable (rename-formula Sel S ) proof − from assms obtain I where validate-formula I S unfolding satisfiable-def by auto let ?J = rename-interpretation Sel I have validate-formula ?J (rename-formula Sel S ) proof (rule ccontr ) assume ¬validate-formula ?J (rename-formula Sel S ) then obtain C where C ∈ S and ¬(validate-clause ?J (rename-clause Sel C )) unfolding rename-formula-def by auto from hC ∈ S i and hvalidate-formula I S i obtain L where L ∈ C and validate-literal I L by auto from hvalidate-literal I Li have validate-literal ?J (rename-literal Sel L) using renaming-preserves-semantic by auto from this and hL ∈ C i and h¬validate-clause ?J (rename-clause Sel C )i show False unfolding rename-clause-def by auto qed from this show ?thesis unfolding satisfiable-def by auto
24
qed lemma renaming-preserves-subsumption: assumes subsumes C D shows subsumes (rename-clause Sel C ) (rename-clause Sel D) using assms unfolding subsumes-def rename-clause-def by auto
6
Soundness
In this section we prove that all the rules introduced in the previous section are sound. We first introduce an abstract notion of soundness. definition Sound :: 0at BinaryRule ⇒ bool where (Sound Rule) ≡ ∀ I P1 P2 C . (Rule P1 P2 C −→ (validate-clause I P1 ) −→ (validate-clause I P2 ) −→ (validate-clause I C )) lemma soundness-and-entailment : assumes Sound Rule assumes Rule P1 P2 C assumes P1 ∈ S assumes P2 ∈ S shows entails S C using Sound-def assms entails-def by auto lemma all-deducible-sound : assumes Sound R shows entails-formula S (all-deducible-clauses R S ) proof (rule ccontr ) assume ¬entails-formula S (all-deducible-clauses R S ) then obtain C where C ∈ all-deducible-clauses R S and ¬ entails S C unfolding entails-formula-def by auto from hC ∈ all-deducible-clauses R S i obtain P1 P2 where R P1 P2 C and P1 ∈ S and P2 ∈ S by auto from hR P1 P2 C iand assms(1 ) and hP1 ∈ S i and hP2 ∈ S i and h¬ entails S Ci show False using soundness-and-entailment by auto qed lemma add-all-deducible-sound : assumes Sound R shows entails-formula S (add-all-deducible-clauses R S ) by (metis UnE add-all-deducible-clauses.simps all-deducible-sound assms entails-formula-def entails-member )
If a rule is more restrictive than a sound rule then it is necessarily sound. lemma less-restrictive-correct:
25
assumes less-restrictive R1 R2 assumes Sound R1 shows Sound R2 using assms unfolding less-restrictive-def Sound-def by blast
We finally establish usual concrete soundness results. theorem resolution-is-correct: (Sound resolvent) proof (rule ccontr ) assume ¬ (Sound resolvent) then obtain I P1 P2 C where resolvent P1 P2 C validate-clause I P1 validate-clause I P2 and ¬validate-clause IC unfolding Sound-def by blast from hresolvent P1 P2 C i obtain A where (Pos A) ∈ P1 and (Neg A) ∈ P2 and C = ( (P1 − { Pos A}) ∪ (P2 − { Neg A })) unfolding resolvent-def by auto show False proof cases assume A ∈ I hence ¬validate-literal I (Neg A) by auto from h¬validate-literal I (Neg A)i and hvalidate-clause I P2 i have validate-clause I (P2 − { Neg A }) by auto from hvalidate-clause I (P2 − { Neg A })i and hC = ( (P1 − { Pos A}) ∪ (P2 − { Neg A }))i and h¬validate-clause I C i show False by auto next assume A ∈ / I hence ¬validate-literal I (Pos A) by auto from h¬validate-literal I (Pos A)i and hvalidate-clause I P1 i have validate-clause I (P1 − { Pos A }) by auto from hvalidate-clause I (P1 − { Pos A })i and hC = ( (P1 − { Pos A}) ∪ (P2 − { Neg A }))i and h¬validate-clause I C i show False by auto qed qed theorem ordered-resolution-correct : Sound ordered-resolvent using resolution-is-correct and ordered-resolvent-is-resolvent less-restrictive-correct by auto theorem ordered-model-resolution-correct : Sound (ordered-model-resolvent I ) using resolution-is-correct ordered-model-resolvent-is-resolvent less-restrictive-correct by auto theorem ordered-positive-resolution-correct : Sound ordered-positive-resolvent using less-restrictive-correct positive-resolvent-is-resolvent resolution-is-correct by
26
auto theorem ordered-negative-resolution-correct : Sound ordered-negative-resolvent using less-restrictive-correct negative-resolvent-is-resolvent resolution-is-correct by auto theorem unit-resolvent-correct : Sound unit-resolvent using less-restrictive-correct resolution-is-correct unit-resolvent-is-resolvent by auto
7
Refutational Completeness
In this section we establish the refutational completeness of the previous inference rules (under adequate restrictions for the unit resolution rule). Completeness is proven w.r.t. redundancy elimination rules, i.e., we show that every saturated unsatisfiable clause set contains the empty clause. We first introduce an abstract notion of saturation. definition saturated-binary-rule :: 0a BinaryRule ⇒ 0a Formula ⇒ bool where (saturated-binary-rule Rule S ) ≡ (∀ P1 P2 C . (((P1 ∈ S ) ∧ (P2 ∈ S ) ∧ (Rule P1 P2 C ))) −→ redundant C S ) definition Complete :: 0at BinaryRule ⇒ bool where (Complete Rule) = (∀ S . ((saturated-binary-rule Rule S ) −→ (all-fulfill finite S ) −→ ({} ∈ / S ) −→ satisfiable S ))
If a set of clauses is saturated under some rule then it is necessarily saturated under more restrictive rules, which entails that if a rule is less restrictive than a complete rule then it is also complete. lemma less-restrictive-saturated : assumes less-restrictive R1 R2 assumes saturated-binary-rule R1 S shows saturated-binary-rule R2 S using assms unfolding less-restrictive-def Complete-def saturated-binary-rule-def by blast lemma less-restrictive-complete: assumes less-restrictive R1 R2 assumes Complete R2 shows Complete R1 using assms less-restrictive-saturated Complete-def by auto
27
7.1
Ordered Resolution
We define a function associating every set of clauses S with a “canonic” interpretation constructed from S. If S is saturated under ordered resolution and does not contain the empty clause then the interpretation is a model of S. The interpretation is defined by mean of an auxiliary function that maps every atom to a function indicating whether the atom occurs in the interpretation corresponding to a given clause set. The auxiliary function is defined by induction on the set of atoms. function canonic-int-fun-ordered :: 0at ⇒ ( 0at Formula ⇒ bool ) where (canonic-int-fun-ordered A) = (λS . (∃ C . (C ∈ S ) ∧ (strictly-maximal-literal C (Pos A) ) ∧ ( ∀ B . ( Pos B ∈ C −→ (B , A) ∈ atom-ordering −→ (¬(canonic-int-fun-ordered B ) S ))) ∧ ( ∀ B . ( Neg B ∈ C −→ (B , A) ∈ atom-ordering −→ ((canonic-int-fun-ordered B ) S ))))) by auto termination apply (relation atom-ordering) by auto (simp add : atom-ordering-wf ) definition canonic-int-ordered :: 0at Formula ⇒ 0at Interpretation where (canonic-int-ordered S ) = { A. ((canonic-int-fun-ordered A) S ) }
We first prove that the canonic interpretation validates every clause having a positive strictly maximal literal lemma int-validate-cl-with-pos-max : assumes strictly-maximal-literal C (Pos A) assumes C ∈ S shows validate-clause (canonic-int-ordered S ) C proof cases assume c1 : (∀ B . ( Pos B ∈ C −→ (B , A) ∈ atom-ordering −→ (¬(canonic-int-fun-ordered B ) S ))) show ?thesis proof cases assume c2 : ( ∀ B . ( Neg B ∈ C −→ (B , A) ∈ atom-ordering −→ ((canonic-int-fun-ordered B ) S ))) have ((canonic-int-fun-ordered A) S ) proof (rule ccontr ) assume ¬ ((canonic-int-fun-ordered A) S ) from h¬ ((canonic-int-fun-ordered A) S )i have e: ¬ (∃ C . (C ∈ S ) ∧ (strictly-maximal-literal C (Pos A) ) ∧ ( ∀ B . ( Pos B ∈ C −→ (B , A) ∈ atom-ordering −→ (¬(canonic-int-fun-ordered B ) S ))) ∧ ( ∀ B . ( Neg B ∈ C −→ (B , A) ∈ atom-ordering −→ ((canonic-int-fun-ordered B ) S )))) by ((simp only:canonic-int-fun-ordered .simps[of A]), blast)
28
from e and c1 and c2 and h(C ∈ S )iand h(strictly-maximal-literal C (Pos A))i show False by blast qed from h((canonic-int-fun-ordered A) S )i have A ∈ (canonic-int-ordered S ) unfolding canonic-int-ordered-def by blast from hA ∈ (canonic-int-ordered S )i and h(strictly-maximal-literal C (Pos A))i show ?thesis unfolding strictly-maximal-literal-def by auto next assume not-c2 : ¬( ∀ B . ( Neg B ∈ C −→ (B , A) ∈ atom-ordering −→ ((canonic-int-fun-ordered B ) S ))) from not-c2 obtain B where Neg B ∈ C and ¬((canonic-int-fun-ordered B) S) by blast from h¬ ((canonic-int-fun-ordered B ) S )i have B ∈ / (canonic-int-ordered S ) unfolding canonic-int-ordered-def by blast with hNeg B ∈ C i show ?thesis by auto qed next assume not-c1 : ¬(∀ B . ( Pos B ∈ C −→ (B , A) ∈ atom-ordering −→ (¬(canonic-int-fun-ordered B ) S ))) from not-c1 obtain B where Pos B ∈ C and ((canonic-int-fun-ordered B ) S) by blast from h((canonic-int-fun-ordered B ) S )i have B ∈ (canonic-int-ordered S ) unfolding canonic-int-ordered-def by blast with hPos B ∈ C i show ?thesis by auto qed lemma strictly-maximal-literal-exists : ∀ C . (((finite C ) ∧ (card C ) = n ∧ n 6= 0 ∧ (¬ (tautology C )))) −→ (∃ A. (strictly-maximal-literal C A)) (is ?P n) proof (induction n) show (?P 0 ) by auto next fix n assume ?P n show ?P (Suc n) proof fix C show (finite C ∧ card C = Suc n ∧ Suc n 6= 0 ∧ ¬ (tautology C )) −→ (∃ A. (strictly-maximal-literal C A)) proof assume finite C ∧ card C = Suc n ∧ Suc n 6= 0 ∧ ¬(tautology C ) hence (finite C ) and (card C ) = (Suc n) and (¬ (tautology C )) by auto
29
have C 6= {} proof assume C = {} from hfinite C i and hC = {}i have card C = 0 using card-0-eq by auto from hcard C = 0 i and hcard C = Suc n i show False by auto qed then obtain L where L ∈ C by auto from h¬tautology C i have ¬tautology (C − { L }) using tautology-monotonous by auto from hL ∈ C i and hfinite C i have Suc (card (C − { L })) = card C using card-Suc-Diff1 by metis with hcard C = Suc n i have card (C − { L }) = n by auto show ∃ A. (strictly-maximal-literal C A) proof cases assume card C = 1 from this and hcard C = Suc n i have n = 0 by auto from this and hfinite C i and hcard (C − { L }) = n i have C − { L } = {} using card-0-eq by auto from this and hL ∈ C i show ?thesis unfolding strictly-maximal-literal-def by auto next assume card C 6= 1 from hfinite C i have finite (C − { L }) by auto from hSuc (card (C − { L })) = card C i and hcard C 6= 1 i and h(card (C − { L })) = n i have n 6= 0 by auto from this and hfinite (C − { L })i and hcard (C − { L }) = n i and h¬tautology (C − { L })i and h?P n i obtain A where strictly-maximal-literal (C − { L }) A by metis show ∃ M . strictly-maximal-literal C M proof cases assume (atom L, atom A) ∈ atom-ordering from this have literal-ordering L A by auto from this and hstrictly-maximal-literal (C − { L }) Ai have strictly-maximal-literal C A unfolding strictly-maximal-literal-def by blast thus ?thesis by auto next assume (atom L, atom A) ∈ / atom-ordering have l-cases: L = (Pos (atom L)) ∨ L = (Neg (atom L)) by ((rule atom-property [of (atom L)]), auto) have a-cases: A = (Pos (atom A)) ∨ A = (Neg (atom A)) by ((rule atom-property [of (atom A)]), auto) from l-cases and a-cases andh(strictly-maximal-literal (C − { L }) A)i and h¬ (tautology C )i and hL ∈ C i
30
have atom L 6= atom A unfolding strictly-maximal-literal-def and tautology-def by auto from this and h(atom L, atom A) ∈ / atom-ordering i and atom-ordering-total have (atom A,atom L) ∈ atom-ordering by auto hence literal-ordering A L by auto from this and hL ∈ C i and hstrictly-maximal-literal (C − { L }) Ai and literal-ordering-trans have strictly-maximal-literal C L unfolding strictly-maximal-literal-def unfolding strictly-maximal-literal-def by blast thus ?thesis by auto qed qed qed qed qed
We then deduce that all clauses are validated. lemma canonic-int-validates-all-clauses : assumes saturated-binary-rule ordered-resolvent S assumes all-fulfill finite S assumes {} ∈ / S assumes C ∈ S shows validate-clause (canonic-int-ordered S ) C proof cases assume (tautology C ) thus ?thesis using tautologies-are-valid [of C (canonic-int-ordered S )] by auto next assume ¬tautology C from hall-fulfill finite S i and hC ∈ S i have finite C using all-fulfill-def by auto from h{} ∈ / S i and hC ∈ S i and hfinite C i have card C 6= 0 using card-0-eq by auto from h¬tautology C i and hfinite C i and hcard C 6= 0 i obtain L where strictly-maximal-literal C L using strictly-maximal-literal-exists by blast obtain A where A = atom L by auto have inductive-lemma: ∀ C L. ((C ∈ S ) −→ (strictly-maximal-literal C L) −→ (A = (atom L)) −→ (validate-clause (canonic-int-ordered S ) C )) (is (?Q A)) proof ((rule wf-induct [of atom-ordering ?Q A]),(rule atom-ordering-wf )) next fix x assume hyp-induct: ∀ y. (y,x ) ∈ atom-ordering −→ (?Q y) show ?Q x proof (rule)+ fix C L assume C ∈ S strictly-maximal-literal C L x = (atom L)
31
show validate-clause (canonic-int-ordered S ) C proof cases assume L = Pos x from hL = Pos x i and hstrictly-maximal-literal C Li and hC ∈ S i show validate-clause (canonic-int-ordered S ) C using int-validate-cl-with-pos-max by auto next assume L 6= Pos x have L = (Neg x ) using hL 6= Pos x i hx = atom Li atom-property by fastforce show (validate-clause (canonic-int-ordered S ) C ) proof (rule ccontr ) assume ¬ (validate-clause(canonic-int-ordered S ) C ) from h(L = (Neg x ))i and h(strictly-maximal-literal C L)i and h(¬ (validate-clause (canonic-int-ordered S ) C ))i have x ∈ canonic-int-ordered S unfolding strictly-maximal-literal-def by auto from hx ∈ canonic-int-ordered S i have (canonic-int-fun-ordered x ) S unfolding canonic-int-ordered-def by blast from h(canonic-int-fun-ordered x ) S i have (∃ C . (C ∈ S ) ∧ (strictly-maximal-literal C (Pos x ) ) ∧ ( ∀ B . ( Pos B ∈ C −→ (B , x ) ∈ atom-ordering −→ (¬(canonic-int-fun-ordered B ) S ))) ∧ ( ∀ B . ( Neg B ∈ C −→ (B , x ) ∈ atom-ordering −→ ((canonic-int-fun-ordered B ) S )))) by (simp only: canonic-int-fun-ordered .simps [of x ]) then obtain D where (D ∈ S ) and (strictly-maximal-literal D (Pos x )) and a: ( ∀ B . ( Pos B ∈ D −→ (B , x ) ∈ atom-ordering −→ (¬(canonic-int-fun-ordered B ) S ))) and b: ( ∀ B . ( Neg B ∈ D −→ (B , x ) ∈ atom-ordering −→ ((canonic-int-fun-ordered B ) S ))) by blast obtain R where R = (resolvent-upon D C x ) by auto from hR = resolvent-upon D C x i and hstrictly-maximal-literal D (Pos i x) and hstrictly-maximal-literal C Li and hL = (Neg x )i have resolvent D CR unfolding strictly-maximal-literal-def using resolvent-upon-is-resolvent by auto from hR = resolvent-upon D C x i and hstrictly-maximal-literal D (Pos x )i and hstrictly-maximal-literal C Li and hL = Neg x i have ordered-resolvent D C R using ordered-resolvent-upon-is-resolvent by auto have ¬ validate-clause (canonic-int-ordered S ) R proof
32
assume validate-clause (canonic-int-ordered S ) R from hvalidate-clause (canonic-int-ordered S ) R i obtain M where (M ∈ R) and validate-literal (canonic-int-ordered S ) M by auto from hM ∈ R i and hR = resolvent-upon D C x i have (M ∈ (D − { Pos x })) ∨ (M ∈ (C − { Neg x })) by auto thus False proof assume M ∈ (D − { Pos x }) show False proof cases assume ∃ AA. M = (Pos AA) from this obtain AA where M = Pos AA by auto from hM ∈ D − { Pos x }i and hstrictly-maximal-literal D (Pos x )i and h(M = Pos AA)i have (AA,x ) ∈ atom-ordering unfolding strictly-maximal-literal-def by auto from a and h(AA,x ) ∈ atom-ordering i and hM = (Pos AA)i and M ∈ (D − { Pos x })i have ¬(canonic-int-fun-ordered AA) S by blast from h¬(canonic-int-fun-ordered AA) S i have AA ∈ / canonic-int-ordered S unfolding canonic-int-ordered-def by blast from hAA ∈ / canonic-int-ordered S i and hM = Pos AAi h and validate-literal (canonic-int-ordered S ) M i show False by auto next assume ¬(∃ AA. M = (Pos AA)) obtain AA where M = (Pos AA) ∨ M = (Neg AA) using Literal .exhaust [of M ] by auto from this and h¬(∃ AA. M = (Pos AA))i have M = (Neg AA) by auto from hM ∈ (D − { Pos x })i and hstrictly-maximal-literal D (Pos i x) and hM = (Neg AA)i have (AA,x ) ∈ atom-ordering unfolding strictly-maximal-literal-def by auto from b and h(AA,x ) ∈ atom-ordering i and hM = (Neg AA)i and hM ∈ (D − { Pos x })i have (canonic-int-fun-ordered AA) S by blast from h(canonic-int-fun-ordered AA) S i have AA ∈ canonic-int-ordered S unfolding canonic-int-ordered-def by blast from hAA ∈ canonic-int-ordered S i and hM = (Neg AA)i and hvalidate-literal (canonic-int-ordered S ) M i show False by auto qed next assume M ∈ (C − { Neg x }) h
33
from h¬validate-clause(canonic-int-ordered S ) C i and hM ∈ (C − { Neg x })i and hvalidate-literal (canonic-int-ordered S ) M i show False by auto qed qed from h¬validate-clause (canonic-int-ordered S ) R i have ¬tautology R using tautologies-are-valid by auto from hordered-resolvent D C R i and hD ∈ S i and hC ∈ S i and hsaturated-binary-rule ordered-resolvent S i have redundant R S unfolding saturated-binary-rule-def by auto from this and h¬tautology R i obtain R 0 where R 0 ∈ S and subsumes R0 R unfolding redundant-def by auto from hR = resolvent-upon D C x i and hstrictly-maximal-literal D (Pos x )i and hstrictly-maximal-literal C Li and hL = (Neg x )i have resolvent D C R unfolding strictly-maximal-literal-def using resolvent-upon-is-resolvent by auto from hall-fulfill finite S i and hC ∈ S i have finite C using all-fulfill-def by auto from hall-fulfill finite S i and hD ∈ S i have finite D using all-fulfill-def by auto from hfinite C i and hfinite D i and h(resolvent D C R)i have finite R using resolvent-is-finite unfolding derived-clauses-are-finite-def by blast from hfinite R i and hsubsumes R 0 R i have finite R 0 unfolding subsumes-def using finite-subset by auto from hR 0 ∈ S i and h{} ∈ / S i and h(subsumes R 0 R)i have R 0 6= {} unfolding subsumes-def by auto from hfinite R 0i and hR 0 6= {}i have card R 0 6= 0 using card-0-eq by auto from hsubsumes R 0 R i and h¬tautology R i have ¬tautology R 0 unfolding subsumes-def using tautology-monotonous by auto from h¬tautology R 0i and hfinite R 0i and hcard R 0 6= 0 i obtain LR 0 where strictly-maximal-literal R 0 LR 0 using strictly-maximal-literal-exists by blast from hfinite R i and hfinite R 0i and hcard R 0 6= 0 i and hsubsumes R 0 R i have card R 6= 0 unfolding subsumes-def by auto from h¬tautology R i and hfinite R i and hcard R 6= 0 i obtain LR where strictly-maximal-literal R LR using strictly-maximal-literal-exists by blast obtain AR and AR 0 where AR = atom LR and AR 0 = atom LR 0 by auto from hsubsumes R 0 R i and hAR = atom LR i and hAR 0 = atom LR 0i and h(strictly-maximal-literal R LR)i and h(strictly-maximal-literal R 0 LR 0)i have (AR 0 = AR) ∨ (AR 0,AR)
34
∈ atom-ordering using subsumption-and-max-literal by auto from hR = (resolvent-upon D C x )i and hAR = atom LR i and hstrictly-maximal-literal R LR i and hstrictly-maximal-literal D (Pos x )i and hstrictly-maximal-literal C Li and hL = (Neg x )i have (AR,x ) ∈ atom-ordering using resolution-and-max-literal by auto from h(AR,x ) ∈ atom-ordering i and h(AR 0 = AR) ∨ (AR 0,AR) ∈ atom-ordering i have (AR 0,x ) ∈ atom-ordering using atom-ordering-trans by auto from this and hyp-induct and hR 0 ∈ S i and hstrictly-maximal-literal R 0 0i LR and hAR 0 = atom LR 0i have validate-clause (canonic-int-ordered S ) 0 R by auto from this and hsubsumes R 0 R i and h¬validate-clause (canonic-int-ordered i S) R show False using subsumption-and-semantics by blast qed qed qed qed from inductive-lemma and hC ∈ S i and hstrictly-maximal-literal C Li and hA = atom Li show ?thesis by blast qed theorem ordered-resolution-is-complete : Complete ordered-resolvent proof (rule ccontr ) assume ¬ Complete ordered-resolvent then obtain S where saturated-binary-rule ordered-resolvent S and all-fulfill finite S and {} ∈ / S and ¬satisfiable S unfolding Complete-def by auto have validate-formula (canonic-int-ordered S ) S proof (rule ccontr ) assume ¬validate-formula (canonic-int-ordered S ) S from this obtain C where C ∈ S and ¬validate-clause (canonic-int-ordered S ) C by auto from hsaturated-binary-rule ordered-resolvent S i and hall-fulfill finite S i and h{} ∈ / Si and hC ∈ S i and h¬validate-clause (canonic-int-ordered S ) C i show False using canonic-int-validates-all-clauses by auto qed from hvalidate-formula (canonic-int-ordered S ) S i and h¬satisfiable S i show False unfolding satisfiable-def by blast qed
35
7.2
Ordered Resolution with Selection
We now consider the case where some negative literals are considered with highest priority. The proof reuses the canonic interpretation defined in the previous section. The interpretation is constructed using only clauses with no selected literals. By the previous result, all such clauses must be satisfied. We then show that the property carries over to the clauses with non empty selected part. definition empty-selected-part Sel S = { C . C ∈ S ∧ (selected-part Sel C ) = {} } lemma saturated-ordered-sel-res-empty-sel : assumes saturated-binary-rule (ordered-sel-resolvent Sel ) S shows saturated-binary-rule ordered-resolvent (empty-selected-part Sel S ) proof − show ?thesis proof (rule ccontr ) assume ¬saturated-binary-rule ordered-resolvent (empty-selected-part Sel S ) then obtain P1 and P2 and C where P1 ∈ empty-selected-part Sel S and P2 ∈ empty-selected-part Sel S and ordered-resolvent P1 P2 C and ¬redundant C (empty-selected-part Sel S ) unfolding saturated-binary-rule-def by auto from hordered-resolvent P1 P2 C i obtain A where C = ( (P1 − { Pos A}) ∪ ( P2 − { Neg A })) and strictly-maximal-literal P1 (Pos A) and strictly-maximal-literal P2 (Neg A) unfolding ordered-resolvent-def by auto from hP1 ∈ empty-selected-part Sel S i have selected-part Sel P1 = {} unfolding empty-selected-part-def by auto from hP2 ∈ empty-selected-part Sel S i have selected-part Sel P2 = {} unfolding empty-selected-part-def by auto from hC = ( (P1 − { Pos A}) ∪ ( P2 − { Neg A }))i and hstrictly-maximal-literal P1 (Pos A)i and hstrictly-maximal-literal P2 (Neg A)i and h(selected-part Sel P1 ) = {}i and hselected-part Sel P2 = {}i have ordered-sel-resolvent Sel P1 P2 C unfolding ordered-sel-resolvent-def by auto from hsaturated-binary-rule (ordered-sel-resolvent Sel ) S i have ∀ P1 P2 C . (P1 ∈ S ∧ P2 ∈ S ∧ (ordered-sel-resolvent Sel P1 P2 C )) −→ redundant C S unfolding saturated-binary-rule-def by auto from this and hP1 ∈ (empty-selected-part Sel S )i and hP2 ∈ (empty-selected-part Sel S )i and hordered-sel-resolvent Sel P1 P2 C i have tautology C ∨ (∃ D. D ∈ S ∧ subsumes D C ) unfolding empty-selected-part-def redundant-def by auto from this and htautology C ∨ (∃ D. D ∈ S ∧ subsumes D C )i and h¬redundant C (empty-selected-part Sel S )i
36
obtain D where D ∈ S and subsumes D C and D ∈ / empty-selected-part Sel S unfolding redundant-def by auto from hD ∈ / empty-selected-part Sel S i and hD ∈ S i obtain B where B ∈ Sel and Neg B ∈ D unfolding empty-selected-part-def selected-part-def by auto from hNeg B ∈ D i this and hsubsumes D C i have Neg B ∈ C unfolding subsumes-def by auto from this and hC = ( (P1 − { Pos A}) ∪ ( P2 − { Neg A }))i have Neg B ∈ (P1 ∪ P2 ) by auto from hNeg B ∈ (P1 ∪ P2 )i and hP1 ∈ empty-selected-part Sel S i and hP2 ∈ empty-selected-part Sel S i and hB ∈ Sel i show False unfolding empty-selected-part-def selected-part-def by auto qed qed definition ordered-sel-resolvent-upon :: 0at set ⇒ 0at Clause ⇒ 0at Clause ⇒ 0at Clause ⇒ 0at ⇒ bool where ordered-sel-resolvent-upon Sel P1 P2 C A ≡ (((C = ( (P1 − { Pos A}) ∪ ( P2 − { Neg A }))) ∧ (strictly-maximal-literal P1 (Pos A)) ∧ ((selected-part Sel P1 ) = {}) ∧ ( ((strictly-maximal-literal P2 (Neg A)) ∧ (selected-part Sel P2 ) = {}) ∨ (strictly-maximal-literal (selected-part Sel P2 ) (Neg A))))) lemma ordered-sel-resolvent-upon-is-resolvent: assumes ordered-sel-resolvent-upon Sel P1 P2 C A shows ordered-sel-resolvent Sel P1 P2 C using assms unfolding ordered-sel-resolvent-upon-def and ordered-sel-resolvent-def by auto lemma resolution-decreases-selected-part: assumes ordered-sel-resolvent-upon Sel P1 P2 C A assumes Neg A ∈ P2 assumes finite P1 assumes finite P2 assumes card (selected-part Sel P2 ) = Suc n shows card (selected-part Sel C ) = n proof − from hfinite P2 i have finite (selected-part Sel P2 ) unfolding selected-part-def by auto from hcard (selected-part Sel P2 ) = (Suc n)i have card (selected-part Sel P2 ) 6= 0 by auto from this and hfinite (selected-part Sel P2 )i have selected-part Sel P2 6= {} using card-0-eq by auto from this and hordered-sel-resolvent-upon Sel P1 P2 C Ai have C = (P1 − { Pos A}) ∪ ( P2 − { Neg A }) and selected-part Sel P1 = {} and strictly-maximal-literal (selected-part Sel P2 ) (Neg A)
37
unfolding ordered-sel-resolvent-upon-def by auto from hstrictly-maximal-literal (selected-part Sel P2 ) (Neg A)i have Neg A ∈ selected-part Sel P2 unfolding strictly-maximal-literal-def by auto from this have A ∈ Sel unfolding selected-part-def by auto from hselected-part Sel P1 = {}i have selected-part Sel (P1 − { Pos A}) = {} unfolding selected-part-def by auto from hNeg A ∈ (selected-part Sel P2 )i have selected-part Sel (P2 − { Neg A}) = (selected-part Sel P2 ) − { Neg A } unfolding selected-part-def by auto from hC = ( (P1 − { Pos A}) ∪ ( P2 − { Neg A }))i have selected-part Sel C = (selected-part Sel (P1 − { Pos A})) ∪ (selected-part Sel (P2 − { Neg A})) unfolding selected-part-def by auto from this and hselected-part Sel (P1 − { Pos A}) = {}i and hselected-part Sel (P2 − { Neg A}) = selected-part Sel P2 − { Neg A }i have selected-part Sel C = selected-part Sel P2 − { Neg A } by auto from hNeg A ∈ P2 i and hA ∈ Sel i have Neg A ∈ selected-part Sel P2 unfolding selected-part-def by auto from this and hselected-part Sel C = (selected-part Sel P2 ) − { Neg A }i and hfinite (selected-part Sel P2 )i have card (selected-part Sel C ) = card (selected-part Sel P2 ) − 1 by auto from this and hcard (selected-part Sel P2 ) = Suc n i show ?thesis by auto qed lemma canonic-int-validates-all-clauses-sel : assumes saturated-binary-rule (ordered-sel-resolvent Sel ) S assumes all-fulfill finite S assumes {} ∈ / S assumes C ∈ S shows validate-clause (canonic-int-ordered (empty-selected-part Sel S )) C proof − let ?nat-order = { (x ::nat,y::nat). x < y} let ?SE = empty-selected-part Sel S let ?I = canonic-int-ordered ?SE obtain n where n = card (selected-part Sel C ) by auto have ∀ C . card (selected-part Sel C ) = n −→ C ∈ S −→ validate-clause ?I C (is ?P n) proof ((rule wf-induct [of ?nat-order ?P n]), (simp add :wf )) next fix n assume ind-hyp: ∀ m. (m,n) ∈ ?nat-order −→ (?P m) show (?P n) proof (rule+) fix C assume card (selected-part Sel C ) = n and C ∈ S from hall-fulfill finite S i and hC ∈ S i have finite C unfolding all-fulfill-def by auto from this have finite (selected-part Sel C ) unfolding selected-part-def by auto show validate-clause ?I C
38
proof (rule nat.exhaust [of n]) assume n = 0 from this and hcard (selected-part Sel C ) = n i and hfinite (selected-part Sel C )i have selected-part Sel C = {} by auto from hsaturated-binary-rule (ordered-sel-resolvent Sel ) S i have saturated-binary-rule ordered-resolvent ?SE using saturated-ordered-sel-res-empty-sel by auto from h{} ∈ / S i have {} ∈ / ?SE unfolding empty-selected-part-def by auto from hselected-part Sel C = {}i hC ∈ S i have C ∈ ?SE unfolding empty-selected-part-def by auto from hall-fulfill finite S i have all-fulfill finite ?SE unfolding empty-selected-part-def all-fulfill-def by auto from this and hsaturated-binary-rule ordered-resolvent ?SE i and h{} ∈ / ?SE i h i and C ∈ ?SE show validate-clause ?I C using canonic-int-validates-all-clauses by auto next fix m assume n = Suc m from this and hcard (selected-part Sel C ) = n i have selected-part Sel C 6= {} by auto show validate-clause ?I C proof (rule ccontr ) assume ¬validate-clause ?I C show False proof (cases) assume tautology C from htautology C i and h¬validate-clause ?I C i show False using tautologies-are-valid by auto next assume ¬(tautology C ) hence ¬(tautology (selected-part Sel C )) unfolding selected-part-def tautology-def by auto from hselected-part Sel C 6= {}i and hfinite (selected-part Sel C )i have card (selected-part Sel C ) 6= 0 by auto from this and h¬(tautology (selected-part Sel C ))i and hfinite (selected-part Sel C )i obtain L where strictly-maximal-literal (selected-part Sel C ) L using strictly-maximal-literal-exists [of card (selected-part Sel C )] by blast from hstrictly-maximal-literal (selected-part Sel C ) Li have L ∈ (selected-part Sel C ) and L ∈ C unfolding strictly-maximal-literal-def selected-part-def by auto from this and h¬validate-clause ?I C i have ¬(validate-literal ?I L) by auto from hL ∈ (selected-part Sel C )i obtain A where L = (Neg A) and A ∈ Sel unfolding selected-part-def by auto
39
from h¬(validate-literal ?I L)i and hL = (Neg A)i have A ∈ ?I by auto from this have ((canonic-int-fun-ordered A) ?SE ) unfolding canonic-int-ordered-def by blast have ((∃ C . (C ∈ ?SE ) ∧ (strictly-maximal-literal C (Pos A) ) ∧ ( ∀ B . ( Pos B ∈ C −→ (B , A) ∈ atom-ordering −→ (¬(canonic-int-fun-ordered B ) ?SE ))) ∧ ( ∀ B . ( Neg B ∈ C −→ (B , A) ∈ atom-ordering −→ ((canonic-int-fun-ordered B ) ?SE ))))) (is ?exp) proof (rule ccontr ) assume ¬ ?exp from this have ¬((canonic-int-fun-ordered A) ?SE ) by ((simp only:canonic-int-fun-ordered .simps [of A]), blast) from this and h(canonic-int-fun-ordered A) ?SE i show False by blast qed then obtain D where D ∈ ?SE and strictly-maximal-literal D (Pos A) and c1 : ( ∀ B . ( Pos B ∈ D −→ (B , A) ∈ atom-ordering −→ (¬(canonic-int-fun-ordered B ) ?SE ))) and c2 : ( ∀ B . ( Neg B ∈ D −→ (B , A) ∈ atom-ordering −→ ((canonic-int-fun-ordered B ) ?SE ))) by blast from hD ∈ ?SE i have (selected-part Sel D) = {} and D ∈ S unfolding empty-selected-part-def by auto from hD ∈ ?SE i and hall-fulfill finite S i have finite D unfolding empty-selected-part-def all-fulfill-def by auto let ?R = (D − { Pos A }) ∪ (C − { Neg A }) from hstrictly-maximal-literal D (Pos A)i and hstrictly-maximal-literal (selected-part Sel C ) Li and hL = (Neg A)i and h(selected-part Sel D) = {}i have (ordered-sel-resolvent-upon Sel D C ?R A) unfolding ordered-sel-resolvent-upon-def by auto from this have ordered-sel-resolvent Sel D C ?R by (rule ordered-sel-resolvent-upon-is-resolvent) from h(ordered-sel-resolvent-upon Sel D C ?R A)i h(card (selected-part Sel C )) = n i and hn = Suc m i and hL ∈ C i and hL = (Neg A)i and hfinite D i h i and finite C have card (selected-part Sel ?R) = m using resolution-decreases-selected-part by auto from hordered-sel-resolvent Sel D C ?R i and hD ∈ S iand hC ∈ S i and hsaturated-binary-rule (ordered-sel-resolvent Sel ) S i have redundant ?R S unfolding saturated-binary-rule-def by auto hence tautology ?R ∨ (∃ RR. (RR ∈ S ∧ (subsumes RR ?R))) unfolding redundant-def by auto hence validate-clause ?I ?R proof assume tautology ?R thus validate-clause ?I ?R by (rule tautologies-are-valid )
40
next assume ∃ R 0. R 0 ∈ S ∧ (subsumes R 0 ?R) then obtain R 0 where R 0 ∈ S and subsumes R 0 ?R by auto from hfinite C iand hfinite D i have finite ?R by auto from this have finite (selected-part Sel ?R) unfolding selected-part-def by auto from hsubsumes R 0 ?R i have selected-part Sel R 0 ⊆ selected-part Sel ?R unfolding selected-part-def and subsumes-def by auto from this and hfinite (selected-part Sel ?R)i have card (selected-part Sel R 0) ≤ card (selected-part Sel ?R) using card-mono by auto from this and hcard (selected-part Sel ?R) = m i and hn = Suc m i have card (selected-part Sel R 0) < n by auto from this and ind-hyp and hR 0 ∈ S i have validate-clause ?I R 0 by auto from this and hsubsumes R 0 ?R i show validate-clause ?I ?R using subsumption-and-semantics [of R 0 ?R ?I ] by auto qed from this obtain L 0 where L 0 ∈ ?R and validate-literal ?I L 0 by auto have L 0 ∈ / D − { Pos A } proof assume L 0 ∈ D − { Pos A } from this have L 0 ∈ D by auto let ?A 0 = atom L 0 have L 0 = (Pos ?A 0) ∨ L 0 = (Neg ?A 0) using atom-property [of ?A 0 0 L ] by auto thus False proof assume L 0 = (Pos ?A 0) from this and hstrictly-maximal-literal D (Pos A)i and hL 0 ∈ D − i { Pos A } have (?A 0,A) ∈ atom-ordering unfolding strictly-maximal-literal-def by auto from c1 have c1 0: Pos ?A 0 ∈ D −→ (?A 0, A) ∈ atom-ordering −→ (¬(canonic-int-fun-ordered ?A 0) ?SE ) by blast from hL 0 ∈ D i and hL 0 = Pos ?A 0i have Pos ?A 0 ∈ D by auto from c1 0 and hPos ?A 0 ∈ D i and h(?A 0,A) ∈ atom-ordering i have ¬(canonic-int-fun-ordered ?A 0) ?SE by blast from this have ?A 0 ∈ / ?I unfolding canonic-int-ordered-def by blast from this have ¬(validate-literal ?I (Pos ?A 0)) by auto from this and hL 0 = Pos ?A 0i and hvalidate-literal ?I L 0i show False by auto next assume L 0 = Neg ?A 0 from this and hstrictly-maximal-literal D (Pos A)i and hL 0 ∈ D −
41
{ Pos A }i have (?A 0,A) ∈ atom-ordering unfolding strictly-maximal-literal-def by auto from c2 have c2 0: Neg ?A 0 ∈ D −→ (?A 0, A) ∈ atom-ordering −→ (canonic-int-fun-ordered ?A 0) ?SE by blast from hL 0 ∈ D i and hL 0 = (Neg ?A 0)i have Neg ?A 0 ∈ D by auto from c2 0 and hNeg ?A 0 ∈ D i and h(?A 0,A) ∈ atom-ordering i have (canonic-int-fun-ordered ?A 0) ?SE by blast from this have ?A 0 ∈ ?I unfolding canonic-int-ordered-def by blast from this have ¬validate-literal ?I (Neg ?A 0) by auto from this and hL 0 = Neg ?A 0i and hvalidate-literal ?I L 0i show False by auto qed qed from this and hL 0 ∈ ?R i have L 0 ∈ C by auto from this and hvalidate-literal ?I L 0i and h¬validate-clause ?I C i show False by auto qed qed qed qed qed from h?P n i and hn = card (selected-part Sel C )i and hC ∈ S i show ?thesis by auto qed theorem ordered-resolution-is-complete-ordered-sel : Complete (ordered-sel-resolvent Sel ) proof (rule ccontr ) assume ¬Complete (ordered-sel-resolvent Sel ) then obtain S where saturated-binary-rule (ordered-sel-resolvent Sel ) S and all-fulfill finite S and {} ∈ / S and ¬satisfiable S unfolding Complete-def by auto let ?SE = empty-selected-part Sel S let ?I = canonic-int-ordered ?SE have validate-formula ?I S proof (rule ccontr ) assume ¬(validate-formula ?I S ) from this obtain C where C ∈ S and ¬(validate-clause ?I C ) by auto from hsaturated-binary-rule (ordered-sel-resolvent Sel ) S i and hall-fulfill finite Si and h{} ∈ / S i and hC ∈ S i and h¬(validate-clause ?I C )i show False using canonic-int-validates-all-clauses-sel [of Sel S C ] by auto qed from h(validate-formula ?I S )i and h¬(satisfiable S )i show False
42
unfolding satisfiable-def by blast qed
7.3
Semantic Resolution
We show that under some particular renaming, model resolution simulates ordered resolution where all negative literals are selected, which immediately entails the refutational completeness of model resolution. lemma ordered-res-with-selection-is-model-res : assumes ordered-sel-resolvent UNIV P1 P2 C shows ordered-model-resolvent Sel (rename-clause Sel P1 ) (rename-clause Sel P2 ) (rename-clause Sel C ) proof − from assms obtain A where c-def : C = ((P1 − { Pos A }) ∪ (P2 − { Neg A })) and selected-part UNIV P1 = {} and strictly-maximal-literal P1 (Pos A) and disj : ((strictly-maximal-literal P2 (Neg A)) ∧ (selected-part UNIV P2 ) = {}) ∨ strictly-maximal-literal (selected-part UNIV P2 ) (Neg A) unfolding ordered-sel-resolvent-def by blast have rename-clause Sel ((P1 − { Pos A }) ∪ (P2 − { Neg A })) = (rename-clause Sel (P1 − { Pos A })) ∪ rename-clause Sel (P2 − { (Neg A) }) using rename-union [of Sel P1 − { Pos A } P2 − { Neg A }] by auto from this and c-def have ren-c: (rename-clause Sel C ) = (rename-clause Sel (P1 − { Pos A })) ∪ rename-clause Sel (P2 − { (Neg A) }) by auto have m1 : (rename-clause Sel (P1 − { Pos A })) = (rename-clause Sel P1 ) − { rename-literal Sel (Pos A) } using renaming-set-minus by auto have m2 : rename-clause Sel (P2 − { Neg A }) = (rename-clause Sel P2 ) − { rename-literal Sel (Neg A) } using renaming-set-minus by auto from m1 and m2 and ren-c have rc-def : (rename-clause Sel C ) = ((rename-clause Sel P1 ) − { rename-literal Sel (Pos A) }) ∪ ((rename-clause Sel P2 ) − { rename-literal Sel (Neg A) }) by auto have ¬((strictly-maximal-literal P2 (Neg A)) ∧ (selected-part UNIV P2 ) = {}) proof assume (strictly-maximal-literal P2 (Neg A)) ∧ (selected-part UNIV P2 ) = {} from this have strictly-maximal-literal P2 (Neg A) and selected-part UNIV P2 = {} by auto from hstrictly-maximal-literal P2 (Neg A)i have Neg A ∈ P2 unfolding strictly-maximal-literal-def by auto from this and hselected-part UNIV P2 = {}i show False unfolding selected-part-def by auto
43
qed from this and disj have strictly-maximal-literal (selected-part UNIV P2 ) (Neg A) by auto from this have strictly-maximal-literal (rename-clause Sel (validated-part Sel (rename-clause Sel P2 ))) (Neg A) using renaming-and-selected-part by auto from this have strictly-maximal-literal (rename-clause Sel (rename-clause Sel (validated-part Sel (rename-clause Sel P2 )))) (rename-literal Sel (Neg A)) using renaming-preserves-strictly-maximal-literal by auto from this have p1 : strictly-maximal-literal (validated-part Sel (rename-clause Sel P2 )) (rename-literal Sel (Neg A)) using inverse-clause-renaming by auto from hstrictly-maximal-literal P1 (Pos A)i have p2 : strictly-maximal-literal (rename-clause Sel P1 ) (rename-literal Sel (Pos A)) using renaming-preserves-strictly-maximal-literal by auto from h(selected-part UNIV P1 ) = {}i have rename-clause Sel (validated-part Sel (rename-clause Sel P1 )) = {} using renaming-and-selected-part by auto from this have q: validated-part Sel (rename-clause Sel P1 ) = {} unfolding rename-clause-def by auto have r : rename-literal Sel (Neg A) = complement (rename-literal Sel (Pos A)) unfolding rename-literal-def by auto from r and q and p1 and p2 and rc-def show ordered-model-resolvent Sel (rename-clause Sel P1 ) (rename-clause Sel P2 )(rename-clause Sel C ) using ordered-model-resolvent-def [of Sel rename-clause Sel P1 rename-clause Sel P2 rename-clause Sel C ] by auto qed theorem ordered-resolution-is-complete-model-resolution: Complete (ordered-model-resolvent Sel ) proof (rule ccontr ) assume ¬Complete (ordered-model-resolvent Sel ) then obtain S where saturated-binary-rule (ordered-model-resolvent Sel ) S and {} ∈ / S and all-fulfill finite S and ¬(satisfiable S ) unfolding Complete-def by auto let ?S 0 = rename-formula Sel S have {} ∈ / ?S 0 proof assume {} ∈ ?S 0 then obtain V where V ∈ S and rename-clause Sel V = {} unfolding rename-formula-def by auto from hrename-clause Sel V = {}i have V = {} unfolding rename-clause-def by auto
44
from this and hV ∈ S i and h{} ∈ / S i show False by auto qed from hall-fulfill finite S i have all-fulfill finite ?S 0 unfolding all-fulfill-def rename-formula-def rename-clause-def by auto have saturated-binary-rule (ordered-sel-resolvent UNIV ) ?S 0 proof (rule ccontr ) assume ¬(saturated-binary-rule (ordered-sel-resolvent UNIV ) ?S 0) from this obtain P1 and P2 and C where P1 ∈ ?S 0 and P2 ∈ ?S 0 and ordered-sel-resolvent UNIV P1 P2 C and ¬tautology C and not-subsumed : ∀ D. (D ∈ ?S 0 −→ ¬subsumes D C ) unfolding saturated-binary-rule-def redundant-def by auto from hordered-sel-resolvent UNIV P1 P2 C i have ord-ren: ordered-model-resolvent Sel (rename-clause Sel P1 ) (rename-clause Sel P2 ) (rename-clause Sel C ) using ordered-res-with-selection-is-model-res by auto have ¬tautology (rename-clause Sel C ) using renaming-preserves-tautology inverse-clause-renaming by (metis h¬ tautology C i inverse-clause-renaming renaming-preserves-tautology) from hP1 ∈ ?S 0i have rename-clause Sel P1 ∈ rename-formula Sel ?S 0 unfolding rename-formula-def by auto hence rename-clause Sel P1 ∈ S using inverse-formula-renaming by auto from hP2 ∈ ?S 0i have rename-clause Sel P2 ∈ rename-formula Sel ?S 0 unfolding rename-formula-def by auto hence rename-clause Sel P2 ∈ S using inverse-formula-renaming by auto from h¬tautology (rename-clause Sel C )i and ord-ren and hsaturated-binary-rule (ordered-model-resolvent Sel ) S i and hrename-clause Sel P1 ∈ S i and hrename-clause Sel P2 ∈ S i obtain D 0 where D 0 ∈ S and subsumes D 0 (rename-clause Sel C ) unfolding saturated-binary-rule-def redundant-def by blast from hsubsumes D 0 (rename-clause Sel C )i have subsumes (rename-clause Sel D 0) (rename-clause Sel (rename-clause Sel C )) using renaming-preserves-subsumption by auto hence subsumes (rename-clause Sel D 0) C using inverse-clause-renaming by auto from hD 0 ∈ S i have rename-clause Sel D 0 ∈ ?S 0 unfolding rename-formula-def by auto from this and not-subsumed and hsubsumes (rename-clause Sel D 0) C i show False by auto qed from this and h{} ∈ / ?S 0i and hall-fulfill finite ?S 0i have satisfiable ?S 0 using ordered-resolution-is-complete-ordered-sel unfolding Complete-def by auto hence satisfiable (rename-formula Sel ?S 0) using renaming-preserves-satisfiability by auto from this and h¬satisfiable S i show False using inverse-formula-renaming by auto qed
45
7.4
Positive and Negative Resolution
We show that positive and negative resolution simulate model resolution with some specific interpretation. Then completeness follows from previous results. lemma empty-interpretation-validate : validate-literal {} L = (∃ A. (L = Neg A)) by (meson empty-iff validate-literal .elims(2 ) validate-literal .simps(2 )) lemma universal-interpretation-validate : validate-literal UNIV L = (∃ A. (L = Pos A)) by (meson UNIV-I validate-literal .elims(2 ) validate-literal .simps(1 )) lemma negative-part-lemma: (negative-part C ) = (validated-part {} C ) unfolding negative-part-def validated-part-def using empty-interpretation-validate by blast lemma positive-part-lemma: (positive-part C ) = (validated-part UNIV C ) unfolding positive-part-def validated-part-def using universal-interpretation-validate by blast lemma negative-resolvent-is-model-res: less-restrictive ordered-negative-resolvent (ordered-model-resolvent UNIV ) unfolding ordered-negative-resolvent-def ordered-model-resolvent-def less-restrictive-def using positive-part-lemma by auto lemma positive-resolvent-is-model-res: less-restrictive ordered-positive-resolvent (ordered-model-resolvent {}) unfolding ordered-positive-resolvent-def ordered-model-resolvent-def less-restrictive-def using negative-part-lemma by auto theorem ordered-positive-resolvent-is-complete : Complete ordered-positive-resolvent using ordered-resolution-is-complete-model-resolution less-restrictive-complete positive-resolvent-is-model-res by auto theorem ordered-negative-resolvent-is-complete: Complete ordered-negative-resolvent using ordered-resolution-is-complete-model-resolution less-restrictive-complete negative-resolvent-is-model-res by auto
7.5
Unit Resolution and Horn Renamable Clauses
Unit resolution is complete if the considered clause set can be transformed into a Horn clause set by renaming. This result is proven by showing that unit resolution simulates semantic resolution for Horn-renamable clauses (for
46
some specific interpretation). definition Horn :: 0at Clause ⇒ bool where (Horn C ) = ((card (positive-part C )) ≤ 1 ) definition Horn-renamable-formula :: 0at Formula ⇒ bool where Horn-renamable-formula S = (∃ I . (all-fulfill Horn (rename-formula I S ))) theorem unit-resolvent-complete-for-Horn-renamable-set: assumes saturated-binary-rule unit-resolvent S assumes all-fulfill finite S assumes {} ∈ / S assumes Horn-renamable-formula S shows satisfiable S proof − from hHorn-renamable-formula S i obtain I where all-fulfill Horn (rename-formula I S) unfolding Horn-renamable-formula-def by auto have saturated-binary-rule (ordered-model-resolvent I ) S proof (rule ccontr ) assume ¬saturated-binary-rule (ordered-model-resolvent I ) S then obtain P1 P2 C where ordered-model-resolvent I P1 P2 C and P1 ∈ S and P2 ∈ S and ¬redundant C S unfolding saturated-binary-rule-def by auto from hordered-model-resolvent I P1 P2 C i obtain L where def-c: C = ( (P1 − { L }) ∪ ( P2 − { (complement L) })) and strictly-maximal-literal P1 L and validated-part I P1 = {} and strictly-maximal-literal (validated-part I P2 ) (complement L) unfolding ordered-model-resolvent-def by auto from hstrictly-maximal-literal P1 Li have L ∈ P1 unfolding strictly-maximal-literal-def by auto from hstrictly-maximal-literal (validated-part I P2 ) (complement L)i have complement L ∈ P2 unfolding strictly-maximal-literal-def validated-part-def by auto have selected-part UNIV (rename-clause I P1 ) = rename-clause I (validated-part I (rename-clause I (rename-clause I P1 ))) using renaming-and-selected-part [of rename-clause I P1 I ] by auto then have selected-part UNIV (rename-clause I P1 ) = rename-clause I (validated-part I P1 ) using inverse-clause-renaming by auto from this and hvalidated-part I P1 = {}i have selected-part UNIV (rename-clause I P1 ) = {} unfolding rename-clause-def by auto then have negative-part (rename-clause I P1 ) = {} unfolding selected-part-def negative-part-def by auto from hall-fulfill Horn (rename-formula I S )i and hP1 ∈ S i have Horn (rename-clause I P1 ) unfolding all-fulfill-def and rename-formula-def by auto
47
then have card (positive-part (rename-clause I P1 )) ≤ 1 unfolding Horn-def by auto from hnegative-part (rename-clause I P1 ) = {}i have rename-clause I P1 = (positive-part (rename-clause I P1 )) using decomposition-clause-pos-neg by auto from this and hcard (positive-part (rename-clause I P1 )) ≤ 1 i have card (rename-clause I P1 ) ≤ 1 by auto from hstrictly-maximal-literal P1 Li have P1 6= {} unfolding strictly-maximal-literal-def by auto then have rename-clause I P1 6= {} unfolding rename-clause-def by auto from hall-fulfill finite S i and hP1 ∈ S i have finite P1 unfolding all-fulfill-def by auto then have finite (rename-clause I P1 ) unfolding rename-clause-def by auto from this and hrename-clause I P1 6= {}i have card (rename-clause I P1 ) 6= 0 using card-0-eq by auto from this and hcard (rename-clause I P1 ) ≤ 1 i have card (rename-clause I P1 ) = 1 by auto then have card P1 = 1 using renaming-preserves-cardinality by auto then have Unit P1 unfolding Unit-def using card-image by auto from this and hL ∈ P1 i and hcomplement L ∈ P2 i and def-c have unit-resolvent P1 P2 C unfolding unit-resolvent-def by auto from this and h¬(redundant C S )i and hP1 ∈ S i and hP2 ∈ S i and hsaturated-binary-rule unit-resolvent S i show False unfolding saturated-binary-rule-def by auto qed from this and hall-fulfill finite S i and h{} ∈ / S i show ?thesis using ordered-resolution-is-complete-model-resolution unfolding Complete-def by auto qed
8
Computation of Saturated Clause Sets
We now provide a concrete (rather straightforward) procedure for computing saturated clause sets. Starting from the initial set, we define a sequence of clause sets, where each set is obtained from the previous one by applying the resolution rule in a systematic way, followed by redundancy elimination rules. The algorithm is generic, in the sense that it applies to any binary inference rule. fun inferred-clause-sets :: 0at BinaryRule ⇒ 0at Formula ⇒ nat ⇒ 0at Formula where (inferred-clause-sets R S 0 ) = (simplify S ) | (inferred-clause-sets R S (Suc N )) = (simplify (add-all-deducible-clauses R (inferred-clause-sets R S N )))
The saturated set is constructed by considering the set of persistent clauses, i.e., the clauses that are generated and never deleted.
48
fun saturation :: 0at BinaryRule ⇒ 0at Formula ⇒ 0at Formula where saturation R S = { C . ∃ N . (∀ M . (M ≥ N −→ C ∈ inferred-clause-sets R S M )) }
We prove that all inference rules yield finite clauses. theorem ordered-resolvent-is-finite : derived-clauses-are-finite ordered-resolvent using less-restrictive-and-finite ordered-resolvent-is-resolvent resolvent-is-finite by auto theorem model-resolvent-is-finite : derived-clauses-are-finite (ordered-model-resolvent I) using less-restrictive-and-finite ordered-model-resolvent-is-resolvent resolvent-is-finite by auto theorem positive-resolvent-is-finite : derived-clauses-are-finite ordered-positive-resolvent using less-restrictive-and-finite positive-resolvent-is-resolvent resolvent-is-finite by auto theorem negative-resolvent-is-finite : derived-clauses-are-finite ordered-negative-resolvent using less-restrictive-and-finite negative-resolvent-is-resolvent resolvent-is-finite by auto theorem unit-resolvent-is-finite : derived-clauses-are-finite unit-resolvent using less-restrictive-and-finite unit-resolvent-is-resolvent resolvent-is-finite by auto lemma all-deducible-clauses-are-finite: assumes derived-clauses-are-finite R assumes all-fulfill finite S shows all-fulfill finite (all-deducible-clauses R S ) proof (rule ccontr ) assume ¬all-fulfill finite (all-deducible-clauses R S ) from this obtain C where C ∈ all-deducible-clauses R S and ¬finite C unfolding all-fulfill-def by auto from hC ∈ all-deducible-clauses R S i have ∃ P1 P2 . R P1 P2 C ∧ P1 ∈ S ∧ P2 ∈ S by auto then obtain P1 P2 where R P1 P2 C and P1 ∈ S and P2 ∈ S by auto from hP1 ∈ S i and hall-fulfill finite S i have finite P1 unfolding all-fulfill-def by auto from hP2 ∈ S i and hall-fulfill finite S i have finite P2 unfolding all-fulfill-def by auto from hfinite P1 i and hfinite P2 i and hderived-clauses-are-finite R i and hR P1 P2 C i and h¬finite C i show False unfolding derived-clauses-are-finite-def by metis qed
This entails that all the clauses occurring in the sets in the sequence are finite. 49
lemma all-inferred-clause-sets-are-finite: assumes derived-clauses-are-finite R assumes all-fulfill finite S shows all-fulfill finite (inferred-clause-sets R S N ) proof (induction N ) from assms show all-fulfill finite (inferred-clause-sets R S 0 ) using simplify-finite by auto next fix N assume all-fulfill finite (inferred-clause-sets R S N ) then have all-fulfill finite (all-deducible-clauses R (inferred-clause-sets R S N )) using assms(1 ) all-deducible-clauses-are-finite [of R inferred-clause-sets R S N] by auto from this and hall-fulfill finite (inferred-clause-sets R S N )i have all-fulfill finite (add-all-deducible-clauses R (inferred-clause-sets R S N )) using all-fulfill-def by auto then show all-fulfill finite (inferred-clause-sets R S (Suc N )) using simplify-finite by auto qed lemma add-all-deducible-clauses-finite: assumes derived-clauses-are-finite R assumes all-fulfill finite S shows all-fulfill finite (add-all-deducible-clauses R (inferred-clause-sets R S N )) proof − from assms have all-fulfill finite (all-deducible-clauses R (inferred-clause-sets R S N )) using all-deducible-clauses-are-finite [of R inferred-clause-sets R S N ] all-inferred-clause-sets-are-finite [of R S N ] by metis then show all-fulfill finite (add-all-deducible-clauses R (inferred-clause-sets R S N )) using assms all-fulfill-def all-inferred-clause-sets-are-finite [of R S N ] by auto qed
We show that the set of redundant clauses can only increase. lemma sequence-of-inferred-clause-sets-is-monotonous: assumes derived-clauses-are-finite R assumes all-fulfill finite S shows ∀ C . redundant C (inferred-clause-sets R S N ) −→ redundant C (inferred-clause-sets R S (N +M ::nat)) proof ((induction M ), auto simp del : inferred-clause-sets.simps) fix M C assume ind-hyp: ∀ C . redundant C (inferred-clause-sets R S N ) −→ redundant C (inferred-clause-sets R S (N +M ::nat)) assume redundant C (inferred-clause-sets R S N ) from this and ind-hyp have redundant C (inferred-clause-sets R S (N +M )) by auto then have redundant C (add-all-deducible-clauses R (inferred-clause-sets R S (N +M )))
50
using deducible-clause-preserve-redundancy by auto then have all-fulfill finite (add-all-deducible-clauses R (inferred-clause-sets R S (N +M ))) using assms add-all-deducible-clauses-finite [of R S N +M ] by auto from hredundant C (inferred-clause-sets R S N )i and ind-hyp have redundant C (inferred-clause-sets R S (N +M )) by auto from hredundant C (inferred-clause-sets R S (N +M ))i have redundant C (add-all-deducible-clauses R (inferred-clause-sets R S (N +M ))) using deducible-clause-preserve-redundancy by blast from this and hall-fulfill finite (add-all-deducible-clauses R (inferred-clause-sets R S (N +M )))i have redundant C (simplify (add-all-deducible-clauses R (inferred-clause-sets R S (N +M )))) using simplify-preserves-redundancy by auto thus redundant C (inferred-clause-sets R S (Suc (N + M ))) by auto qed
We show that non-persistent clauses are strictly redundant in some element of the sequence. lemma non-persistent-clauses-are-redundant: assumes D ∈ inferred-clause-sets R S N assumes D ∈ / saturation R S assumes all-fulfill finite S assumes derived-clauses-are-finite R shows ∃ M . strictly-redundant D (inferred-clause-sets R S M ) proof (rule ccontr ) assume hyp: ¬(∃ M . strictly-redundant D (inferred-clause-sets R S M )) { fix M have D ∈ (inferred-clause-sets R S (N +M )) proof (induction M ) show D ∈ inferred-clause-sets R S (N +0 ) using assms(1 ) by auto next fix M assume D ∈ inferred-clause-sets R S (N +M ) from this have D ∈ add-all-deducible-clauses R (inferred-clause-sets R S (N +M )) by auto show D ∈ (inferred-clause-sets R S (N +(Suc M ))) proof (rule ccontr ) assume D ∈ / (inferred-clause-sets R S (N +(Suc M ))) from this and hD ∈ add-all-deducible-clauses R (inferred-clause-sets R S (N +M ))i have strictly-redundant D (add-all-deducible-clauses R (inferred-clause-sets R S (N +M ))) using simplify-def by auto then have all-fulfill finite (add-all-deducible-clauses R (inferred-clause-sets R S (N +M ))) using assms(4 ) assms(3 ) add-all-deducible-clauses-finite [of R S N +M ] by auto
51
from this and hstrictly-redundant D (add-all-deducible-clauses R (inferred-clause-sets R S (N +M )))i have strictly-redundant D (inferred-clause-sets R S (N +(Suc M ))) using simplify-preserves-strict-redundancy by auto from this and hyp show False by blast qed qed } from assms(2 ) and assms(1 ) have ¬(∀ M 0. (M 0 ≥ N −→ D ∈ inferred-clause-sets R S M 0)) by auto from this obtain M 0 where M 0 ≥ N and D ∈ / inferred-clause-sets R S M 0 by auto from hM 0 ≥ N i obtain N 0:: nat where N 0 = M 0 − N by auto have D ∈ inferred-clause-sets R S (N +(M 0−N )) V h by (simp add : M . D ∈ inferred-clause-sets R S (N + M )i) from this and hD ∈ / inferred-clause-sets R S M 0i show False by (simp add : hN 0i ≤M ) qed
This entails that the clauses that are redundant in some set in the sequence are also redundant in the set of persistent clauses. lemma persistent-clauses-subsume-redundant-clauses: assumes redundant C (inferred-clause-sets R S N ) assumes all-fulfill finite S assumes derived-clauses-are-finite R assumes finite C shows redundant C (saturation R S ) proof − let ?nat-order = { (x ::nat,y::nat). x < y} { fix I have ∀ C N . finite C −→ card C = I −→ (redundant C (inferred-clause-sets R S N )) −→ redundant C (saturation R S ) (is ?P I ) proof ((rule wf-induct [of ?nat-order ?P I ]),(simp add :wf )) fix I assume hyp-induct: ∀ J . (J ,I ) ∈ ?nat-order −→ (?P J ) show ?P I proof ((rule allI )+,(rule impI )+) fix C N assume finite C card C = I redundant C (inferred-clause-sets R S N) show redundant C (saturation R S ) proof (cases) assume tautology C then show redundant C (saturation R S ) unfolding redundant-def by auto next assume ¬tautology C from this and hredundant C (inferred-clause-sets R S N )i obtain D where subsumes D C and D ∈ inferred-clause-sets R S N unfolding
52
redundant-def by auto show redundant C (saturation R S ) proof (cases) assume D ∈ saturation R S from this and hsubsumes D C i show redundant C (saturation R S ) unfolding redundant-def by auto next assume D ∈ / saturation R S from assms(2 ) assms(3 ) and hD ∈ inferred-clause-sets R S N i and hD ∈ / saturation R S i obtain M where strictly-redundant D (inferred-clause-sets R S M ) using non-persistent-clauses-are-redundant [of D R S ] by auto from hsubsumes D C i and h¬tautology C i have ¬tautology D unfolding subsumes-def tautology-def by auto from hstrictly-redundant D (inferred-clause-sets R S M )i and h¬tautology Di obtain D 0 where D 0 ⊂ D and D 0 ∈ inferred-clause-sets R S M unfolding strictly-redundant-def by auto from hD 0 ⊂ D i and hsubsumes D C i have D 0 ⊂ C unfolding subsumes-def by auto from hD 0 ⊂ C i and hfinite C i have finite D 0 by (meson psubset-imp-subset rev-finite-subset) from hD 0 ⊂ C i and hfinite C i have card D 0 < card C unfolding all-fulfill-def using psubset-card-mono by auto from this and hcard C = I i have (card D 0,I ) ∈ ?nat-order by auto from hD 0 ∈ inferred-clause-sets R S M i have redundant D 0 (inferred-clause-sets R S M) unfolding redundant-def subsumes-def by auto from hyp-induct and h(card D 0,I ) ∈ ?nat-order i have ?P (card D 0) by force from this and hfinite D 0i and hredundant D 0 (inferred-clause-sets R S M )i have redundant D 0 (saturation R S ) by auto show redundant C (saturation R S ) by (meson hD 0 ⊂ C i hredundant D 0 (saturation R S )i psubset-imp-subset subsumes-def subsumption-preserves-redundancy) qed qed qed qed } then show redundant C (saturation R S ) using assms(1 ) assms(4 ) by blast qed
We deduce that the set of persistent clauses is saturated. theorem persistent-clauses-are-saturated :
53
assumes derived-clauses-are-finite R assumes all-fulfill finite S shows saturated-binary-rule R (saturation R S ) proof (rule ccontr ) let ?S = saturation R S assume ¬saturated-binary-rule R ?S then obtain P1 P2 C where R P1 P2 C and P1 ∈ ?S and P2 ∈ ?S and ¬redundant C ?S unfolding saturated-binary-rule-def by blast from hP1 ∈ ?S i obtain N1 where i : ∀ M . (M ≥ N1 −→ P1 ∈ (inferred-clause-sets R S M )) by auto from hP2 ∈ ?S i obtain N2 where ii : ∀ M . (M ≥ N2 −→ P2 ∈ (inferred-clause-sets R S M )) by auto let ?N = max N1 N2 have ?N ≥ N1 and ?N ≥ N2 by auto from this and i have P1 ∈ inferred-clause-sets R S ?N by metis from h?N ≥ N2 i and ii have P2 ∈ inferred-clause-sets R S ?N by metis from hR P1 P2 C i and hP1 ∈ inferred-clause-sets R S ?N i and hP2 ∈ inferred-clause-sets R S ?N i have C ∈ all-deducible-clauses R ( inferred-clause-sets R S ?N ) by auto from this have C ∈ add-all-deducible-clauses R (inferred-clause-sets R S ?N ) by auto from assms have all-fulfill finite (inferred-clause-sets R S ?N ) using all-inferred-clause-sets-are-finite [of R S ?N ] by auto from assms have all-fulfill finite (add-all-deducible-clauses R (inferred-clause-sets R S ?N )) using add-all-deducible-clauses-finite by auto from this and hC ∈ add-all-deducible-clauses R (inferred-clause-sets R S ?N )i have redundant C (inferred-clause-sets R S (Suc ?N )) using simplify-and-membership [of add-all-deducible-clauses R (inferred-clause-sets R S ?N ) inferred-clause-sets R S (Suc ?N ) C ] by auto have finite P1 using hP1 ∈ inferred-clause-sets R S (max N1 N2 )i hall-fulfill finite (inferred-clause-sets R S (max N1 N2 ))i all-fulfill-def by auto have finite P2 using hP2 ∈ inferred-clause-sets R S (max N1 N2 )i hall-fulfill finite (inferred-clause-sets R S (max N1 N2 ))i all-fulfill-def by auto from hR P1 P2 C i and hfinite P1 i and hfinite P2 i and hderived-clauses-are-finite R i have finite C unfolding derived-clauses-are-finite-def by blast from assms this and hredundant C (inferred-clause-sets R S (Suc ?N ))i have redundant C (saturation R S ) using persistent-clauses-subsume-redundant-clauses [of C R S Suc ?N ]
54
by auto thus False using h¬redundant C ?S i by auto qed
Finally, we show that the computed saturated set is equivalent to the initial formula. theorem saturation-is-correct: assumes Sound R assumes derived-clauses-are-finite R assumes all-fulfill finite S shows equivalent S (saturation R S ) proof − have entails-formula S (saturation R S ) proof (rule ccontr ) assume ¬ entails-formula S (saturation R S ) then obtain C where C ∈ saturation R S and ¬ entails S C unfolding entails-formula-def by auto from hC ∈ saturation R S i obtain N where C ∈ inferred-clause-sets R S N by auto { fix N have entails-formula S (inferred-clause-sets R S N ) proof (induction N ) show entails-formula S (inferred-clause-sets R S 0 ) using assms(3 ) simplify-preserves-semantic validity-implies-entailment by auto next fix N assume entails-formula S (inferred-clause-sets R S N ) from assms(1 ) have entails-formula (inferred-clause-sets R S N ) (add-all-deducible-clauses R (inferred-clause-sets R S N )) using add-all-deducible-sound by auto from this and hentails-formula S (inferred-clause-sets R S N )i have entails-formula S (add-all-deducible-clauses R (inferred-clause-sets R S N )) using entails-transitive [of S inferred-clause-sets R S N add-all-deducible-clauses R (inferred-clause-sets R S N )] by auto have inferred-clause-sets R S (Suc N ) ⊆ add-all-deducible-clauses R (inferred-clause-sets R S N ) using simplify-def by auto then have entails-formula (add-all-deducible-clauses R (inferred-clause-sets R S N )) (inferred-clause-sets R S (Suc N )) using entailment-subset by auto from this and hentails-formula S (add-all-deducible-clauses R (inferred-clause-sets R S N ))i show entails-formula S (inferred-clause-sets R S (Suc N )) using entails-transitive [of S add-all-deducible-clauses R (inferred-clause-sets R S N )]
55
by auto qed } from this and hC ∈ inferred-clause-sets R S N i and h¬ entails S C i show False unfolding entails-formula-def by auto qed have entails-formula (saturation R S ) S proof (rule ccontr ) assume ¬ entails-formula (saturation R S ) S then obtain C where C ∈ S and ¬ entails (saturation R S ) C unfolding entails-formula-def by auto from hC ∈ S i have redundant C S unfolding redundant-def subsumes-def by auto from assms(3 ) and hredundant C S i have redundant C (inferred-clause-sets R S 0) using simplify-preserves-redundancy by auto from assms(3 ) and hC ∈ S i have finite C unfolding all-fulfill-def by auto from hredundant C (inferred-clause-sets R S 0 )i assms(2 ) assms(3 ) hfinite C i have redundant C (saturation R S ) using persistent-clauses-subsume-redundant-clauses [of C R S 0 ] by auto from this and h¬ entails (saturation R S ) C i show False using entails-formula-def redundancy-implies-entailment by auto qed from hentails-formula S (saturation R S )i and hentails-formula (saturation R S ) Si show ?thesis unfolding equivalent-def by auto qed end end
9
Prime Implicates Generation
We show that the unrestricted resolution rule is deductive complete, i.e. that it is able to generate all (prime) implicates of any given clause set. theory Prime-Implicates imports Main HOL.Finite-Set Propositional-Resolution begin context propositional-atoms begin
56
9.1
Implicates and Prime Implicates
We first introduce the definitions of implicates and prime implicates. definition implicates :: 0at Formula ⇒ 0at Formula where implicates S = { C . entails S C } definition prime-implicates :: 0at Formula ⇒ 0at Formula where prime-implicates S = simplify (implicates S )
9.2
Generation of Prime Implicates
We introduce a function simplifying a given clause set by evaluating some literals to false. We show that this partial evaluation operation preserves saturatedness and that if the considered set of literals is an implicate of the initial clause set then the partial evaluation yields a clause set that is unsatisfiable. Then the proof follows from refutational completeness: since the partially evaluated set is unsatisfiable and saturated it must contain the empty clause, and therefore the initial clause set necessarily contains a clause subsuming the implicate. fun partial-evaluation :: 0a Formula ⇒ 0a Literal set ⇒ 0a Formula where (partial-evaluation S C ) = { E . ∃ D. D ∈ S ∧ E = D−C ∧ ¬(∃ L. (L ∈ C ) ∧ (complement L) ∈ D)} lemma partial-evaluation-is-saturated : assumes saturated-binary-rule resolvent S shows saturated-binary-rule ordered-resolvent (partial-evaluation S C ) proof (rule ccontr ) let ?peval = partial-evaluation S C assume ¬saturated-binary-rule ordered-resolvent ?peval from this obtain P1 and P2 and R where P1 ∈ ?peval and P2 ∈ ?peval and ordered-resolvent P1 P2 R and ¬(tautology R) and not-subsumed : ¬(∃ D. ((D ∈ (partial-evaluation S C )) ∧ (subsumes D R))) unfolding saturated-binary-rule-def and redundant-def by auto from hP1 ∈ ?peval i obtain PP1 where PP1 ∈ S and P1 = PP1 − C and i : ¬(∃ L. (L ∈ C ) ∧ (complement L) ∈ PP1 ) by auto from hP2 ∈ ?peval i obtain PP2 where PP2 ∈ S and P2 = PP2 − C and ii : ¬(∃ L. (L ∈ C ) ∧ (complement L) ∈ PP2 ) by auto from h(ordered-resolvent P1 P2 R)i obtain A where r-def : R = (P1 − { Pos A }) ∪ (P2 − { Neg A }) and (Pos A) ∈ P1 and (Neg A) ∈ P2 unfolding ordered-resolvent-def strictly-maximal-literal-def by auto let ?RR = (PP1 − { Pos A }) ∪ (PP2 − { Neg A }) from hP1 = PP1 − C i and h(Pos A) ∈ P1 i have (Pos A) ∈ PP1 by auto from hP2 = PP2 − C i and h(Neg A) ∈ P2 i have (Neg A) ∈ PP2 by auto from r-def and hP1 = PP1 − C i and hP2 = PP2 − C i have R = ?RR − C by auto
57
from h(Pos A) ∈ PP1 i and h(Neg A) ∈ PP2 i have resolvent PP1 PP2 ?RR unfolding resolvent-def by auto with hPP1 ∈ S i and hPP2 ∈ S i and hsaturated-binary-rule resolvent S i have tautology ?RR ∨ (∃ D. (D ∈ S ∧ (subsumes D ?RR))) unfolding saturated-binary-rule-def redundant-def by auto thus False proof assume tautology ?RR with hR = ?RR − C i and h¬tautology R i obtain X where X ∈ C and complement X ∈ PP1 ∪ PP2 unfolding tautology-def by auto from hX ∈ C i and hcomplement X ∈ PP1 ∪ PP2 i and i and ii show False by auto next assume ∃ D. ((D ∈ S ) ∧ (subsumes D ?RR)) from this obtain D where D ∈ S and subsumes D ?RR by auto from hsubsumes D ?RR i and hR = ?RR − C i have subsumes (D − C ) R unfolding subsumes-def by auto from hD ∈ S i and ii and i and h(subsumes D ?RR)i have D − C ∈ ?peval unfolding subsumes-def by auto with hsubsumes (D − C ) R i and not-subsumed show False by auto qed qed lemma evaluation-wrt-implicate-is-unsat : assumes entails S C assumes ¬tautology C shows ¬satisfiable (partial-evaluation S C ) proof let ?peval = partial-evaluation S C assume satisfiable ?peval then obtain I where validate-formula I ?peval unfolding satisfiable-def by auto let ?J = (I − { X . (Pos X ) ∈ C }) ∪ { Y . (Neg Y ) ∈ C } have ¬validate-clause ?J C proof assume validate-clause ?J C then obtain L where L ∈ C and validate-literal ?J L by auto obtain X where L = (Pos X ) ∨ L = (Neg X ) using Literal .exhaust [of L] by auto from hL = (Pos X ) ∨ L = (Neg X )i and hL ∈ C i and h¬tautology C i and hvalidate-literal ?J Li show False unfolding tautology-def by auto qed have validate-formula ?J S proof (rule ccontr ) assume ¬ (validate-formula ?J S ) then obtain D where D ∈ S and ¬(validate-clause ?J D) by auto
58
from hD ∈ S i have D−C ∈ ?peval ∨ (∃ L. (L ∈ C ) ∧ (complement L) ∈ D) by auto thus False proof assume ∃ L. (L ∈ C ) ∧ (complement L) ∈ D then obtain L where L ∈ C and complement L ∈ D by auto obtain X where L = (Pos X ) ∨ L = (Neg X ) using Literal .exhaust [of L] by auto from this and hL ∈ C i and h¬(tautology C )i have validate-literal ?J (complement L) unfolding tautology-def by auto from h(validate-literal ?J (complement L))i and h(complement L) ∈ D i and h¬(validate-clause ?J D)i show False by auto next assume D−C ∈ ?peval from hD−C ∈ ?peval i and h(validate-formula I ?peval )i have validate-clause I (D−C ) using validate-formula.simps by blast from this obtain L where L ∈ D and L ∈ / C and validate-literal I L by auto obtain X where L = (Pos X ) ∨ L = (Neg X ) using Literal .exhaust [of L] by auto from hL = (Pos X ) ∨ L = (Neg X )i and hvalidate-literal I Li and hL ∈ / Ci have validate-literal ?J L unfolding tautology-def by auto from hvalidate-literal ?J Li and hL ∈ D i and h¬(validate-clause ?J D)i show False by auto qed qed from h¬validate-clause ?J C i and hvalidate-formula ?J S i and hentails S C i show False unfolding entails-def by auto qed lemma entailment-and-implicates: assumes entails-formula S1 S2 shows implicates S2 ⊆ implicates S1 using assms entailed-formula-entails-implicates implicates-def by auto lemma equivalence-and-implicates: assumes equivalent S1 S2 shows implicates S1 = implicates S2 using assms entailment-and-implicates equivalent-def by blast lemma equivalence-and-prime-implicates: assumes equivalent S1 S2 shows prime-implicates S1 = prime-implicates S2 using assms equivalence-and-implicates prime-implicates-def by auto
59
lemma unrestricted-resolution-is-deductive-complete : assumes saturated-binary-rule resolvent S assumes all-fulfill finite S assumes C ∈ implicates S shows redundant C S proof ((cases tautology C ),(simp add : redundant-def )) next assume ¬ tautology C have ∃ D. (D ∈ S ) ∧ (subsumes D C ) proof − let ?peval = partial-evaluation S C from hsaturated-binary-rule resolvent S i have saturated-binary-rule ordered-resolvent ?peval using partial-evaluation-is-saturated by auto from hC ∈ implicates S i have entails S C unfolding implicates-def by auto from hentails S C i and h¬tautology C i have ¬satisfiable ?peval using evaluation-wrt-implicate-is-unsat by auto from hall-fulfill finite S i have all-fulfill finite ?peval unfolding all-fulfill-def by auto from h¬satisfiable ?peval i and hsaturated-binary-rule ordered-resolvent ?peval i and hall-fulfill finite ?peval i have {} ∈ ?peval using Complete-def ordered-resolution-is-complete by blast then show ?thesis unfolding subsumes-def by auto qed then show ?thesis unfolding redundant-def by auto qed lemma prime-implicates-generation-correct : assumes saturated-binary-rule resolvent S assumes non-redundant S assumes all-fulfill finite S shows S ⊆ prime-implicates S proof fix x assume x ∈ S show x ∈ prime-implicates S proof (rule ccontr ) assume ¬ x ∈ prime-implicates S from hx ∈ S i have entails S x unfolding entails-def implicates-def by auto then have x ∈ implicates S unfolding implicates-def by auto with h¬ x ∈ (prime-implicates S )i have strictly-redundant x (implicates S ) unfolding prime-implicates-def simplify-def by auto from this have tautology x ∨ (∃ y. (y ∈ (implicates S )) ∧ (y ⊂ x )) unfolding strictly-redundant-def by auto then have strictly-redundant x S proof ((cases tautology x ),(simp add : strictly-redundant-def )) next assume ¬tautology x with htautology x ∨ (∃ y. (y ∈ (implicates S )) ∧ (y ⊂ x ))i obtain y where y ∈ implicates S and y ⊂ x by auto
60
from hy ∈ implicates S i and hsaturated-binary-rule resolvent S i and hall-fulfill finite S i have redundant y S using unrestricted-resolution-is-deductive-complete by auto from hy ⊂ x i and h¬tautology x i have ¬tautology y unfolding tautology-def by auto with hredundant y S i obtain z where z ∈ S and z ⊆ y unfolding redundant-def subsumes-def by auto with hy ⊂ x i have z ⊂ x by auto with hz ∈ S i show strictly-redundant x S using strictly-redundant-def by auto qed with hnon-redundant S i and hx ∈ S i show False unfolding non-redundant-def by auto qed qed theorem prime-implicates-of-saturated-sets: assumes saturated-binary-rule resolvent S assumes all-fulfill finite S assumes non-redundant S shows S = prime-implicates S proof from assms show S ⊆ prime-implicates S using prime-implicates-generation-correct by auto show prime-implicates S ⊆ S proof fix x assume x ∈ prime-implicates S from this have x ∈ implicates S unfolding prime-implicates-def simplify-def by auto with assms have redundant x S using unrestricted-resolution-is-deductive-complete by auto show x ∈ S proof (rule ccontr ) assume x ∈ / S with hredundant x S i have strictly-redundant x S unfolding redundant-def strictly-redundant-def subsumes-def by auto with hS ⊆ prime-implicates S i have strictly-redundant x (prime-implicates S) unfolding strictly-redundant-def by auto then have strictly-redundant x (implicates S ) unfolding strictly-redundant-def prime-implicates-def simplify-def by auto with hx ∈ prime-implicates S i show False unfolding prime-implicates-def simplify-def by auto qed qed qed
61
9.3
Incremental Prime Implicates Computation
We show that it is possible to compute the set of prime implicates incrementally i.e., to fix an ordering among atoms, and to compute the set of resolvents upon each atom one by one, without backtracking (in the sense that if the resolvents upon a given atom are generated at some step i then no resolvents upon the same atom are generated at step i < j. This feature is critical in practice for the efficiency of prime implicates generation algorithms. We first introduce a function computing all resolvents upon a given atom. definition all-resolvents-upon :: 0at Formula ⇒ 0at ⇒ 0at Formula where (all-resolvents-upon S A) = { C . ∃ P1 P2 . P1 ∈ S ∧ P2 ∈ S ∧ C = (resolvent-upon P1 P2 A) } lemma resolvent-upon-correct: assumes P1 ∈ S assumes P2 ∈ S assumes C = resolvent-upon P1 P2 A shows entails S C proof cases assume Pos A ∈ P1 ∧ Neg A ∈ P2 with hC = resolvent-upon P1 P2 Ai have resolvent P1 P2 C unfolding resolvent-def by auto with hP1 ∈ S i and hP2 ∈ S i show ?thesis using soundness-and-entailment resolution-is-correct by auto next assume ¬ (Pos A ∈ P1 ∧ Neg A ∈ P2 ) with hC = resolvent-upon P1 P2 Ai have P1 ⊆ C ∨ P2 ⊆ C by auto with hP1 ∈ S i and hP2 ∈ S i have redundant C S unfolding redundant-def subsumes-def by auto then show ?thesis using redundancy-implies-entailment by auto qed lemma all-resolvents-upon-is-finite: assumes all-fulfill finite S shows all-fulfill finite (S ∪ (all-resolvents-upon S A)) using assms unfolding all-fulfill-def all-resolvents-upon-def by auto lemma atoms-formula-resolvents: shows atoms-formula (all-resolvents-upon S A) ⊆ atoms-formula S unfolding all-resolvents-upon-def by auto
We define a partial saturation predicate that is restricted to a specific atom. definition partial-saturation :: 0at Formula ⇒ 0at ⇒ 0at Formula ⇒ bool where (partial-saturation S A R) = (∀ P1 P2 . (P1 ∈ S −→ P2 ∈ S −→(redundant (resolvent-upon P1 P2 A) R)))
62
We show that the resolvent of two redundant clauses in a partially saturated set is itself redundant. lemma resolvent-upon-and-partial-saturation : assumes redundant P1 S assumes redundant P2 S assumes partial-saturation S A (S ∪ R) assumes C = resolvent-upon P1 P2 A shows redundant C (S ∪ R) proof (rule ccontr ) assume ¬redundant C (S ∪ R) from hC = resolvent-upon P1 P2 Ai have C = (P1 − { Pos A }) ∪ (P2 − { Neg A }) by auto from h¬redundant C (S ∪ R)i have ¬tautology C unfolding redundant-def by auto have ¬ (tautology P1 ) proof assume tautology P1 then obtain B where Pos B ∈ P1 and Neg B ∈ P1 unfolding tautology-def by auto show False proof cases assume A = B with hNeg B ∈ P1 i and hC = (P1 − { Pos A }) ∪ (P2 − { Neg A })i have subsumes P2 C unfolding subsumes-def using Literal .distinct by blast with hredundant P2 S i have redundant C S using subsumption-preserves-redundancy by auto with h¬redundant C (S ∪ R)i show False unfolding redundant-def by auto next assume A 6= B with hC = (P1 − { Pos A }) ∪ (P2 − { Neg A })i and hPos B ∈ P1 i and hNeg B ∈ P1 i have Pos B ∈ C and Neg B ∈ C by auto with h¬redundant C (S ∪ R)i show False unfolding tautology-def redundant-def by auto qed qed with hredundant P1 S i obtain Q1 where Q1 ∈ S and subsumes Q1 P1 unfolding redundant-def by auto have ¬ (tautology P2 ) proof assume tautology P2 then obtain B where Pos B ∈ P2 and Neg B ∈ P2 unfolding tautology-def by auto show False proof cases assume A = B with hPos B ∈ P2 i and hC = (P1 − { Pos A }) ∪ (P2 − { Neg A })i have subsumes P1 C
63
unfolding subsumes-def using Literal .distinct by blast with hredundant P1 S i have redundant C S using subsumption-preserves-redundancy by auto with h¬redundant C (S ∪ R)i show False unfolding redundant-def by auto next assume A 6= B with hC = (P1 − { Pos A }) ∪ (P2 − { Neg A })i and hPos B ∈ P2 i and hNeg B ∈ P2 i have Pos B ∈ C and Neg B ∈ C by auto with h¬redundant C (S ∪ R)i show False unfolding tautology-def redundant-def by auto qed qed with hredundant P2 S i obtain Q2 where Q2 ∈ S and subsumes Q2 P2 unfolding redundant-def by auto let ?res = (Q1 − { Pos A }) ∪ (Q2 − { Neg A }) have ?res = resolvent-upon Q1 Q2 A by auto from this and hpartial-saturation S A (S ∪ R)i and hQ1 ∈ S i and hQ2 ∈ S i have redundant ?res (S ∪ R) unfolding partial-saturation-def by auto from hsubsumes Q1 P1 i and hsubsumes Q2 P2 i and hC = (P1 − { Pos A }) ∪ (P2 − { Neg A })i have subsumes ?res C unfolding subsumes-def by auto with hredundant ?res (S ∪ R)i and h¬redundant C (S ∪ R)i show False using subsumption-preserves-redundancy by auto qed
We show that if R is a set of resolvents of a set of clauses S then the same holds for S ∪ R. For the clauses in S, the premises are identical to the resolvent and the inference is thus redundant (this trick is useful to simplify proofs). definition in-all-resolvents-upon:: 0at Formula ⇒ 0at ⇒ 0at Clause ⇒ bool where in-all-resolvents-upon S A C = (∃ P1 P2 . (P1 ∈ S ∧ P2 ∈ S ∧ C = resolvent-upon P1 P2 A)) lemma every-clause-is-a-resolvent: assumes all-fulfill (in-all-resolvents-upon S A) R assumes all-fulfill (λx . ¬(tautology x )) S assumes P1 ∈ S ∪ R shows in-all-resolvents-upon S A P1 proof ((cases P1 ∈ R),(metis all-fulfill-def assms(1 ))) next assume P1 ∈ / R with hP1 ∈ S ∪ R i have P1 ∈ S by auto with h(all-fulfill (λx . ¬(tautology x )) S )i have ¬ tautology P1 unfolding all-fulfill-def by auto from h¬ tautology P1 i have Neg A ∈ / P1 ∨ Pos A ∈ / P1 unfolding tautology-def by auto
64
from this have P1 = (P1 − { Pos A }) ∪ (P1 − { Neg A }) by auto with hP1 ∈ S i show ?thesis unfolding resolvent-def unfolding in-all-resolvents-upon-def by auto qed
We show that if a formula is partially saturated then it stays so when new resolvents are added in the set. lemma partial-saturation-is-preserved : assumes partial-saturation S E1 S assumes partial-saturation S E2 (S ∪ R) assumes all-fulfill (λx . ¬(tautology x )) S assumes all-fulfill (in-all-resolvents-upon S E2 ) R shows partial-saturation (S ∪ R) E1 (S ∪ R) proof (rule ccontr ) assume ¬ partial-saturation (S ∪ R) E1 (S ∪ R) from this obtain P1 P2 C where P1 ∈ S ∪ R and P2 ∈ S ∪ R and C = resolvent-upon P1 P2 E1 and ¬ redundant C (S ∪ R) unfolding partial-saturation-def by auto from hC = resolvent-upon P1 P2 E1 i have C = (P1 − { Pos E1 }) ∪ (P2 − { Neg E1 }) by auto from hP1 ∈ S ∪ R i and assms(4 ) and h(all-fulfill (λx . ¬(tautology x )) S )i have in-all-resolvents-upon S E2 P1 using every-clause-is-a-resolvent by auto then obtain P1-1 P1-2 where P1-1 ∈ S and P1-2 ∈ S and P1 = resolvent-upon P1-1 P1-2 E2 using every-clause-is-a-resolvent unfolding in-all-resolvents-upon-def by blast from hP2 ∈ S ∪ R i and assms(4 ) and h(all-fulfill (λx . ¬(tautology x )) S )i have in-all-resolvents-upon S E2 P2 using every-clause-is-a-resolvent by auto then obtain P2-1 P2-2 where P2-1 ∈ S and P2-2 ∈ S and P2 = resolvent-upon P2-1 P2-2 E2 using every-clause-is-a-resolvent unfolding in-all-resolvents-upon-def by blast let ?R1 = resolvent-upon P1-1 P2-1 E1 from hpartial-saturation S E1 S i and hP1-1 ∈ S i and hP2-1 ∈ S i have redundant ?R1 S unfolding partial-saturation-def by auto let ?R2 = resolvent-upon P1-2 P2-2 E1 from hpartial-saturation S E1 S i and hP1-2 ∈ S i and hP2-2 ∈ S i have redundant ?R2 S unfolding partial-saturation-def by auto let ?C = resolvent-upon ?R1 ?R2 E2 from hC = resolvent-upon P1 P2 E1 i and hP2 = resolvent-upon P2-1 P2-2 E2 i and hP1 = resolvent-upon P1-1 P1-2 E2 i have ?C = C by auto with hredundant ?R1 S i and hredundant ?R2 S i and hpartial-saturation S E2 (S ∪ R)i and h¬ redundant C (S ∪ R)i show False using resolvent-upon-and-partial-saturation by auto qed
65
The next lemma shows that the clauses inferred by applying the resolution rule upon a given atom contain no occurrence of this atom, unless the inference is redundant. lemma resolvents-do-not-contain-atom : assumes ¬ tautology P1 assumes ¬ tautology P2 assumes C = resolvent-upon P1 P2 E2 assumes ¬ subsumes P1 C assumes ¬ subsumes P2 C shows (Neg E2 ) ∈ / C ∧ (Pos E2 ) ∈ / C proof from hC = resolvent-upon P1 P2 E2 i have C = (P1 − { Pos E2 }) ∪ (P2 − { Neg E2 }) by auto show (Neg E2 ) ∈ / C proof assume Neg E2 ∈ C from hC = resolvent-upon P1 P2 E2 i have C = (P1 − { Pos E2 }) ∪ (P2 − { Neg E2 }) by auto with hNeg E2 ∈ C i have Neg E2 ∈ P1 by auto from h¬ subsumes P1 C i and hC = (P1 − { Pos E2 }) ∪ (P2 − { Neg E2 })i have Pos E2 ∈ P1 unfolding subsumes-def by auto from hNeg E2 ∈ P1 i and hPos E2 ∈ P1 i and h¬ tautology P1 i show False unfolding tautology-def by auto qed next show (Pos E2 ) ∈ / C proof assume Pos E2 ∈ C from hC = resolvent-upon P1 P2 E2 i have C = (P1 − { Pos E2 }) ∪ (P2 − { Neg E2 }) by auto with hPos E2 ∈ C i have Pos E2 ∈ P2 by auto from h¬ subsumes P2 C i and hC = (P1 − { Pos E2 }) ∪ (P2 − { Neg E2 })i have Neg E2 ∈ P2 unfolding subsumes-def by auto from hNeg E2 ∈ P2 i and hPos E2 ∈ P2 i and h¬ tautology P2 i show False unfolding tautology-def by auto qed qed
The next lemma shows that partial saturation can be ensured by computing all (non-redundant) resolvents upon the considered atom. lemma ensures-partial-saturation : assumes partial-saturation S E2 (S ∪ R) assumes all-fulfill (λx . ¬(tautology x )) S assumes all-fulfill (in-all-resolvents-upon S E2 ) R assumes all-fulfill (λx . (¬redundant x S )) R
66
shows partial-saturation (S ∪ R) E2 (S ∪ R) proof (rule ccontr ) assume ¬ partial-saturation (S ∪ R) E2 (S ∪ R) from this obtain P1 P2 C where P1 ∈ S ∪ R and P2 ∈ S ∪ R and C = resolvent-upon P1 P2 E2 and ¬ redundant C (S ∪ R) unfolding partial-saturation-def by auto have P1 ∈ S proof (rule ccontr ) assume P1 ∈ / S with hP1 ∈ S ∪ R i have P1 ∈ R by auto with assms(3 ) obtain P1-1 and P1-2 where P1-1 ∈ S and P1-2 ∈ S and P1 = resolvent-upon P1-1 P1-2 E2 unfolding all-fulfill-def in-all-resolvents-upon-def by auto from hall-fulfill (λx . ¬(tautology x )) S i and hP1-1 ∈ S i and hP1-2 ∈ S i have ¬ tautology P1-1 and ¬ tautology P1-2 unfolding all-fulfill-def by auto from hall-fulfill (λx . (¬redundant x S )) R i and hP1 ∈ R i and hP1-1 ∈ S i and hP1-2 ∈ S i have ¬ subsumes P1-1 P1 and ¬ subsumes P1-2 P1 unfolding redundant-def all-fulfill-def by auto from h¬ tautology P1-1 i h¬ tautology P1-2 i h¬ subsumes P1-1 P1 i and h¬ subsumes P1-2 P1 i and hP1 = resolvent-upon P1-1 P1-2 E2 i have (Neg E2 ) ∈ / P1 ∧ (Pos E2 ) ∈ / P1 using resolvents-do-not-contain-atom [of P1-1 P1-2 P1 E2 ] by auto with hC = resolvent-upon P1 P2 E2 i have subsumes P1 C unfolding subsumes-def by auto with h¬ redundant C (S ∪ R)i and hP1 ∈ S ∪ R i show False unfolding redundant-def by auto qed have P2 ∈ S proof (rule ccontr ) assume P2 ∈ / S with hP2 ∈ S ∪ R i have P2 ∈ R by auto with assms(3 ) obtain P2-1 and P2-2 where P2-1 ∈ S and P2-2 ∈ S and P2 = resolvent-upon P2-1 P2-2 E2 unfolding all-fulfill-def in-all-resolvents-upon-def by auto from h(all-fulfill (λx . ¬(tautology x )) S )i and hP2-1 ∈ S i and hP2-2 ∈ S i have ¬ tautology P2-1 and ¬ tautology P2-2 unfolding all-fulfill-def by auto from hall-fulfill (λx . (¬redundant x S )) R i and hP2 ∈ R i and hP2-1 ∈ S i and hP2-2 ∈ S i have ¬ subsumes P2-1 P2 and ¬ subsumes P2-2 P2 unfolding redundant-def all-fulfill-def by auto from h¬ tautology P2-1 i h¬ tautology P2-2 i h¬ subsumes P2-1 P2 i and h¬ subsumes P2-2 P2 i and hP2 = resolvent-upon P2-1 P2-2 E2 i
67
have (Neg E2 ) ∈ / P2 ∧ (Pos E2 ) ∈ / P2 using resolvents-do-not-contain-atom [of P2-1 P2-2 P2 E2 ] by auto with hC = resolvent-upon P1 P2 E2 i have subsumes P2 C unfolding subsumes-def by auto with h¬ redundant C (S ∪ R)i and hP2 ∈ S ∪ R i show False unfolding redundant-def by auto qed from hP1 ∈ S i and hP2 ∈ S i and hpartial-saturation S E2 (S ∪ R)i and hC = resolvent-upon P1 P2 E2 i and h¬ redundant C (S ∪ R)i show False unfolding redundant-def partial-saturation-def by auto qed lemma resolvents-preserve-equivalence: shows equivalent S (S ∪ (all-resolvents-upon S A)) proof − have S ⊆ (S ∪ (all-resolvents-upon S A)) by auto then have entails-formula (S ∪ (all-resolvents-upon S A)) S using entailment-subset by auto have entails-formula S (S ∪ (all-resolvents-upon S A)) proof (rule ccontr ) assume ¬entails-formula S (S ∪ (all-resolvents-upon S A)) from this obtain C where C ∈ (all-resolvents-upon S A) and ¬entails S C unfolding entails-formula-def using entails-member by auto from hC ∈ (all-resolvents-upon S A)i obtain P1 P2 where C = resolvent-upon P1 P2 A and P1 ∈ S and P2 ∈ S unfolding all-resolvents-upon-def by auto from hC = resolvent-upon P1 P2 Ai and hP1 ∈ S i and hP2 ∈ S i have entails SC using resolvent-upon-correct by auto with h¬entails S C i show False by auto qed from hentails-formula (S ∪ (all-resolvents-upon S A)) S i and hentails-formula S (S ∪ (all-resolvents-upon S A))i show ?thesis unfolding equivalent-def by auto qed
Given a sequence of atoms, we define a sequence of clauses obtained by resolving upon each atom successively. Simplification rules are applied at each iteration step. fun resolvents-sequence :: (nat ⇒ 0at) ⇒ 0at Formula ⇒ nat ⇒ 0at Formula where (resolvents-sequence A S 0 ) = (simplify S ) | (resolvents-sequence A S (Suc N )) = (simplify ((resolvents-sequence A S N ) ∪ (all-resolvents-upon (resolvents-sequence A S N ) (A N ))))
The following lemma states that partial saturation is preserved by simplification. lemma redundancy-implies-partial-saturation:
68
assumes partial-saturation S1 A S1 assumes S2 ⊆ S1 assumes all-fulfill (λx . redundant x S2 ) S1 shows partial-saturation S2 A S2 proof (rule ccontr ) assume ¬partial-saturation S2 A S2 then obtain P1 P2 C where P1 ∈ S2 P2 ∈ S2 and C = (resolvent-upon P1 P2 A) and ¬ redundant C S2 unfolding partial-saturation-def by auto from hP1 ∈ S2 i and hS2 ⊆ S1 i have P1 ∈ S1 by auto from hP2 ∈ S2 i and hS2 ⊆ S1 i have P2 ∈ S1 by auto from hP1 ∈ S1 i and hP2 ∈ S1 i and hpartial-saturation S1 A S1 i and hC = resolvent-upon P1 P2 Ai have redundant C S1 unfolding partial-saturation-def by auto from h¬ redundant C S2 i have ¬tautology C unfolding redundant-def by auto with hredundant C S1 i obtain D where D ∈ S1 and D ⊆ C unfolding redundant-def subsumes-def by auto from hD ∈ S1 i and hall-fulfill (λx . redundant x S2 ) S1 i have redundant D S2 unfolding all-fulfill-def by auto from h¬ tautology C i and hD ⊆ C i have ¬ tautology D unfolding tautology-def by auto with hredundant D S2 i obtain E where E ∈ S2 and E ⊆ D unfolding redundant-def subsumes-def by auto from hE ⊆ D i and hD ⊆ C i have E ⊆ C by auto from hE ∈ S2 i and hE ⊆ C i and h¬redundant C S2 i show False unfolding redundant-def subsumes-def by auto qed
The next theorem finally states that the implicate generation algorithm is sound and complete in the sense that the final clause set in the sequence is exactly the set of prime implicates of the considered clause set. theorem incremental-prime-implication-generation: assumes atoms-formula S = { X . ∃ I ::nat. I < N ∧ X = (A I ) } assumes all-fulfill finite S shows (prime-implicates S ) = (resolvents-sequence A S N ) proof −
We define a set of invariants and show that they are satisfied by all sets in the above sequence. For the last set in the sequence, the invariants ensure that the clause set is saturated, which entails the desired property. let ?Final = resolvents-sequence A S N
We define some properties and show by induction that they are satisfied by all the clause sets in the constructed sequence let ?equiv-init = λI .(equivalent S (resolvents-sequence A S I )) let ?partial-saturation = λI . (∀ J ::nat. (J < I −→ (partial-saturation (resolvents-sequence A S I ) (A J ) (resolvents-sequence A S I ))))
69
let ?no-tautologies = λI .(all-fulfill (λx . ¬(tautology x )) (resolvents-sequence A S I) ) let ?atoms-init = λI .(atoms-formula (resolvents-sequence A S I ) ⊆ { X . ∃ I ::nat. I < N ∧ X = (A I )}) let ?non-redundant = λI .(non-redundant (resolvents-sequence A S I )) let ?finite =λI . (all-fulfill finite (resolvents-sequence A S I )) have ∀ I . (I ≤ N −→ (?equiv-init I ) ∧ (?partial-saturation I ) ∧ (?no-tautologies I) ∧ (?atoms-init I ) ∧ (?non-redundant I ) ∧ (?finite I ) ) proof (rule allI ) fix I show (I ≤ N −→ (?equiv-init I ) ∧ (?partial-saturation I ) ∧ (?no-tautologies I ) ∧ (?atoms-init I) ∧ (?non-redundant I ) ∧ (?finite I ) ) (is I ≤ N −→ ?P I ) proof (induction I )
We show that the properties are all satisfied by the initial clause set (after simplification). show 0 ≤ N −→ ?P 0 proof (rule impI )+ assume 0 ≤ N let ?R = resolvents-sequence A S 0 from hall-fulfill finite S i have ?equiv-init 0 using simplify-preserves-equivalence by auto moreover have ?no-tautologies 0 using simplify-def strictly-redundant-def all-fulfill-def by auto moreover have ?partial-saturation 0 by auto moreover from hall-fulfill finite S i have ?finite 0 using simplify-finite by auto moreover have atoms-formula ?R ⊆ atoms-formula S using atoms-formula-simplify by auto moreover with hatoms-formula S = { X . ∃ I ::nat. I < N ∧ X = (A I ) }i have v : ?atoms-init 0 unfolding simplify-def by auto moreover have ?non-redundant 0 using simplify-non-redundant by auto ultimately show ?P 0 by auto qed
We then show that the properties are preserved by induction. next fix I assume I ≤ N −→ ?P I show (Suc I ) ≤ N −→ (?P (Suc I )) proof (rule impI )+ assume (Suc I ) ≤ N let ?Prec = resolvents-sequence A S I let ?R = resolvents-sequence A S (Suc I )
70
from hSuc I ≤ N i and hI ≤ N −→ ?P I i have ?equiv-init I and ?partial-saturation I and ?no-tautologies I and ?finite I and ?atoms-init I and ?non-redundant I by auto have equivalent ?Prec (?Prec ∪ (all-resolvents-upon ?Prec (A I ))) using resolvents-preserve-equivalence by auto from h?finite I i have all-fulfill finite (?Prec ∪ (all-resolvents-upon ?Prec (A I ))) using all-resolvents-upon-is-finite by auto then have all-fulfill finite (simplify (?Prec ∪ (all-resolvents-upon ?Prec (A I )))) using simplify-finite by auto then have ?finite (Suc I ) by auto from hall-fulfill finite (?Prec ∪ (all-resolvents-upon ?Prec (A I )))i have equivalent (?Prec ∪ (all-resolvents-upon ?Prec (A I ))) ?R using simplify-preserves-equivalence by auto from hequivalent ?Prec (?Prec ∪ (all-resolvents-upon ?Prec (A I )))i and hequivalent (?Prec ∪ (all-resolvents-upon ?Prec (A I ))) ?R i have equivalent ?Prec ?R by (rule equivalent-transitive) from h?equiv-init I i and this have ?equiv-init (Suc I ) by (rule equivalent-transitive) have ?no-tautologies (Suc I ) using simplify-def strictly-redundant-def all-fulfill-def by auto let ?Delta = ?R − ?Prec have ?R ⊆ ?Prec ∪ ?Delta by auto have all-fulfill (λx . (redundant x ?R)) (?Prec ∪ ?Delta) proof (rule ccontr ) assume ¬all-fulfill (λx . (redundant x ?R)) (?Prec ∪ ?Delta) then obtain x where ¬redundant x ?R and x ∈ ?Prec ∪ ?Delta unfolding all-fulfill-def by auto from h¬redundant x ?R i have ¬x ∈ ?R unfolding redundant-def subsumes-def by auto with hx ∈ ?Prec ∪ ?Delta i have x ∈ (?Prec ∪ (all-resolvents-upon ?Prec (A I ))) by auto with hall-fulfill finite (?Prec ∪ (all-resolvents-upon ?Prec (A I )))i have redundant x (simplify (?Prec ∪ (all-resolvents-upon ?Prec (A I )))) using simplify-and-membership by blast with h¬redundant x ?R i show False by auto qed have all-fulfill (in-all-resolvents-upon ?Prec (A I )) ?Delta proof (rule ccontr ) assume ¬ (all-fulfill (in-all-resolvents-upon ?Prec (A I )) ?Delta) then obtain C where C ∈ ?Delta and ¬in-all-resolvents-upon ?Prec (A I ) C unfolding all-fulfill-def by auto then obtain C where C ∈ ?Delta and not-res: ∀ P1 P2 . ¬(P1 ∈ ?Prec ∧ P2 ∈ ?Prec ∧ C = resolvent-upon
71
P1 P2 (A I )) unfolding all-fulfill-def in-all-resolvents-upon-def by blast from hC ∈ ?Delta i have C ∈ ?R and C ∈ / ?Prec by auto then have C ∈ simplify (?Prec ∪ (all-resolvents-upon ?Prec (A I ))) by auto then have C ∈ ?Prec ∪ (all-resolvents-upon ?Prec (A I )) unfolding simplify-def by auto with hC ∈ / ?Prec i have C ∈ (all-resolvents-upon ?Prec (A I )) by auto with not-res show False unfolding all-resolvents-upon-def by auto qed have all-fulfill (λx . (¬redundant x ?Prec)) ?Delta proof (rule ccontr ) assume ¬all-fulfill (λx . (¬redundant x ?Prec)) ?Delta then obtain C where C ∈ ?Delta and redundant: redundant C ?Prec unfolding all-fulfill-def by auto from hC ∈ ?Delta i have C ∈ ?R and C ∈ / ?Prec by auto show False proof cases assume strictly-redundant C ?Prec then have strictly-redundant C (?Prec ∪ (all-resolvents-upon ?Prec (A I ))) unfolding strictly-redundant-def by auto then have C ∈ / simplify (?Prec ∪ (all-resolvents-upon ?Prec (A I ))) unfolding simplify-def by auto then have C ∈ / ?R by auto with hC ∈ ?R i show False by auto next assume ¬strictly-redundant C ?Prec with redundant have C ∈ ?Prec unfolding strictly-redundant-def redundant-def subsumes-def by auto with hC ∈ / ?Prec i show False by auto qed qed have ∀ J ::nat. (J < (Suc I )) −→ (partial-saturation ?R (A J ) ?R) proof (rule ccontr ) assume ¬(∀ J ::nat. (J < (Suc I )) −→ (partial-saturation ?R (A J ) ?R)) then obtain J where J < (Suc I ) and ¬(partial-saturation ?R (A J ) ?R) by auto from h¬(partial-saturation ?R (A J ) ?R)i obtain P1 P2 C where P1 ∈ ?R and P2 ∈ ?R and C = resolvent-upon P1 P2 (A J ) and ¬ redundant C ?R unfolding partial-saturation-def by auto have partial-saturation ?Prec (A I ) (?Prec ∪ ?Delta) proof (rule ccontr ) assume ¬partial-saturation ?Prec (A I ) (?Prec ∪ ?Delta) then obtain P1 P2 C where P1 ∈ ?Prec and P2 ∈ ?Prec and C = resolvent-upon P1 P2 (A I ) and ¬redundant C (?Prec ∪ ?Delta) unfolding partial-saturation-def by auto from hC = resolvent-upon P1 P2 (A I )i and hP1 ∈ ?Prec i and hP2 ∈
72
?Prec i have C ∈ ?Prec ∪ (all-resolvents-upon ?Prec (A I )) unfolding all-resolvents-upon-def by auto from hall-fulfill finite (?Prec ∪ (all-resolvents-upon ?Prec (A I )))i and this have redundant C ?R using simplify-and-membership [of ?Prec ∪ (all-resolvents-upon ?Prec (A I )) ?R C ] by auto with h?R ⊆ ?Prec ∪ ?Delta i have redundant C (?Prec ∪ ?Delta) using superset-preserves-redundancy [of C ?R (?Prec ∪ ?Delta)] by auto with h¬redundant C (?Prec ∪ ?Delta)i show False by auto qed show False proof cases assume J = I from hpartial-saturation ?Prec (A I ) (?Prec ∪ ?Delta)i and h?no-tautologies Ii and h(all-fulfill (in-all-resolvents-upon ?Prec (A I )) ?Delta)i and hall-fulfill (λx . (¬redundant x ?Prec)) ?Delta i have partial-saturation (?Prec ∪ ?Delta) (A I ) (?Prec ∪ ?Delta) using ensures-partial-saturation [of ?Prec (A I ) ?Delta] by auto with h?R ⊆ ?Prec ∪ ?Delta i and hall-fulfill (λx . (redundant x ?R)) (?Prec ∪ ?Delta)i have partial-saturation ?R (A I ) ?R using redundancy-implies-partial-saturation by auto with hJ = I i and h¬(partial-saturation ?R (A J ) ?R)i show False by auto next assume J 6= I with hJ < (Suc I )i have J < I by auto with h?partial-saturation I i have partial-saturation ?Prec (A J ) ?Prec by auto with hpartial-saturation ?Prec (A I ) (?Prec ∪ ?Delta)i and h?no-tautologies Ii and h(all-fulfill (in-all-resolvents-upon ?Prec (A I )) ?Delta)i and hall-fulfill (λx . (¬redundant x ?Prec)) ?Delta i have partial-saturation (?Prec ∪ ?Delta) (A J ) (?Prec ∪ ?Delta) using partial-saturation-is-preserved [of ?Prec A J A I ?Delta] by auto with h?R ⊆ ?Prec ∪ ?Delta i and hall-fulfill (λx . (redundant x ?R)) (?Prec ∪ ?Delta)i have partial-saturation ?R (A J ) ?R using redundancy-implies-partial-saturation by auto with h¬(partial-saturation ?R (A J ) ?R)i show False by auto qed qed have non-redundant ?R using simplify-non-redundant by auto from h?atoms-init I i have atoms-formula (all-resolvents-upon ?Prec (A I )) ⊆ { X . ∃ I ::nat. I < N ∧ X = (A I )}
73
using atoms-formula-resolvents [of ?Prec A I ] by auto with h?atoms-init I i have atoms-formula (?Prec ∪ (all-resolvents-upon ?Prec (A I ))) ⊆ { X . ∃ I ::nat. I < N ∧ X = (A I )} using atoms-formula-union [of ?Prec all-resolvents-upon ?Prec (A I )] by auto from this have atoms-formula ?R ⊆ { X . ∃ I ::nat. I < N ∧ X = (A I )} using atoms-formula-simplify [of ?Prec ∪ (all-resolvents-upon ?Prec (A I ))] by auto from hequivalent S (resolvents-sequence A S (Suc I ))i and h(∀ J ::nat. (J < (Suc I ) −→ (partial-saturation (resolvents-sequence A S (Suc I )) (A J ) (resolvents-sequence A S (Suc I )))))i h and (all-fulfill (λx . ¬(tautology x )) (resolvents-sequence A S (Suc I )) )i and h(all-fulfill finite (resolvents-sequence A S (Suc I )))i and hnon-redundant ?R i and hatoms-formula (resolvents-sequence A S (Suc I )) ⊆ { X . ∃ I ::nat. I < N ∧ X = (A I )}i show ?P (Suc I ) by auto qed qed qed
Using the above invariants, we show that the final clause set is saturated. from this have ∀ J . (J < N −→ partial-saturation ?Final (A J ) ?Final ) and atoms-formula (resolvents-sequence A S N ) ⊆ { X . ∃ I ::nat. I < N ∧ X = (A I )} and equivalent S ?Final and non-redundant ?Final and all-fulfill finite ?Final by auto have saturated-binary-rule resolvent ?Final proof (rule ccontr ) assume ¬ saturated-binary-rule resolvent ?Final then obtain P1 P2 C where P1 ∈ ?Final and P2 ∈ ?Final and resolvent P1 P2 C and ¬redundant C ?Final unfolding saturated-binary-rule-def by auto from hresolvent P1 P2 C i obtain B where C = resolvent-upon P1 P2 B unfolding resolvent-def by auto show False proof cases assume B ∈ (atoms-formula ?Final ) with hatoms-formula ?Final ⊆ { X . ∃ I ::nat. I < N ∧ X = (A I ) }i obtain I where B = (A I ) and I < N by auto from hB = (A I )i and hC = resolvent-upon P1 P2 B i have C = resolvent-upon P1 P2 (A I ) by auto
74
from h∀ J . (J < N −→ partial-saturation ?Final (A J ) ?Final )i and hB = (A I )iand hI < N i have partial-saturation ?Final (A I ) ?Final by auto with hC = resolvent-upon P1 P2 (A I )iand hP1 ∈ ?Final i and hP2 ∈ ?Final i have redundant C ?Final unfolding partial-saturation-def by auto with h¬redundant C ?Final i show False by auto next assume B ∈ / atoms-formula ?Final with hP1 ∈ ?Final i have B ∈ / atoms-clause P1 by auto then have Pos B ∈ / P1 by auto with hC = resolvent-upon P1 P2 B i have P1 ⊆ C by auto with hP1 ∈ ?Final i and h¬redundant C ?Final i show False unfolding redundant-def subsumes-def by auto qed qed with hall-fulfill finite ?Final i and hnon-redundant ?Final i have prime-implicates ?Final = ?Final using prime-implicates-of-saturated-sets [of ?Final ] by auto with hequivalent S ?Final i show ?thesis using equivalence-and-prime-implicates by auto qed end end
75
